Malware - Search Results Redirected

Status
Not open for further replies.

ShinyGunz

New member
I got infected with a nasty malware yesterday and spent most of the day removing it with Spybot and Malwarebytes. Thought I had removed it all because neither Spybot nor mbam detected any more infections, but when I go to use the internet, my pages keep being redirected. When I click on either of the links to download DDS my computer reboots. Let me know if I need to post any more information. Any help would be greatly appreciated.
 


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Run this program and post the log in lieu of DDS


OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
 
OTL logfile created on: 11/29/2010 1:11:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 21.39 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\iolo\Common\Lib\sguard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()
SRV - (IOLO_SRV) -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe ()
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)


========== Driver Services (SafeList) ==========

DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (XDva365) -- C:\WINDOWS\System32\XDva365.sys File not found
DRV - (XDva362) -- C:\WINDOWS\System32\XDva362.sys File not found
DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
DRV - (XDva344) -- C:\WINDOWS\System32\XDva344.sys File not found
DRV - (XDva332) -- C:\WINDOWS\System32\XDva332.sys File not found
DRV - (XDva224) -- C:\WINDOWS\System32\XDva224.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys File not found
DRV - (L8042mou) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys File not found
DRV - (L8042Kbd) -- C:\WINDOWS\System32\Drivers\L8042Kbd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (XPacket) -- C:\WINDOWS\System32\xpacket.sys (iolo technologies, LLC)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {CEAEE6ED-161E-4890-93CE-85EA5E377968}:1.0
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{CEAEE6ED-161E-4890-93CE-85EA5E377968}: C:\Documents and Settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968} [2008/12/03 03:56:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/08 14:46:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/08 14:46:54 | 000,000,000 | ---D | M]

[2008/06/06 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/11/27 03:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions
[2009/06/25 16:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/20 21:41:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/17 13:14:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/09/01 23:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
[2010/11/27 03:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/08 22:48:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/29 15:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010/03/28 22:07:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006/10/12 17:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2006/10/12 17:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/02/13 12:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/11/11 17:26:20 | 000,002,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/11/26 01:45:14 | 000,425,925 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14674 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://www.gamescampus.com/luncher/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231906288484 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimatebaseballonline.com/myubo/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.43 69.1.30.42
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 21:29:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/01/08 21:06:18 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{148cceae-d91f-11dd-ae52-00e04d95c022}\Shell - "" = AutoRun
O33 - MountPoints2\{148cceae-d91f-11dd-ae52-00e04d95c022}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{148cceae-d91f-11dd-ae52-00e04d95c022}\Shell\AutoRun\command - "" = E:\PhotoManager.exe -- File not found
O33 - MountPoints2\{978fe606-cbd2-11dd-ae43-00e04d95c022}\Shell - "" = AutoRun
O33 - MountPoints2\{978fe606-cbd2-11dd-ae43-00e04d95c022}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0dfc61c-3c9e-11dd-a980-0016e684d287}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/29 13:10:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/27 03:24:23 | 000,000,000 | ---D | C] -- C:\1b9f1bf7642a71ad6970b768
[2010/11/27 03:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 03:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/27 03:16:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/26 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/26 01:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/26 01:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/26 00:31:08 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/25 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/25 23:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/10/31 03:04:57 | 000,352,256 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/10/31 03:04:54 | 000,122,880 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/10/31 03:04:54 | 000,041,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2009/09/03 16:10:04 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2008/05/26 16:04:43 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2008/05/26 16:04:43 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 13:20:25 | 000,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/29 13:10:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/29 13:08:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 13:08:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/29 13:07:33 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/29 13:07:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/29 13:07:10 | 1072,943,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 03:22:29 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/29 03:22:25 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/29 03:22:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/29 02:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/29 00:06:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/28 22:52:14 | 004,159,246 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:29:16 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/27 03:17:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/27 03:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 22:48:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/26 22:48:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/26 22:48:36 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/26 19:29:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/26 18:53:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/26 17:35:20 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/26 17:34:57 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/26 17:34:53 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/26 17:34:51 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/26 17:34:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/26 15:52:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 12:43:19 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/26 11:29:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/26 03:11:44 | 000,444,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/26 03:11:43 | 000,072,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/26 01:45:14 | 000,425,925 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/26 00:59:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 00:35:35 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:31:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/11 15:33:16 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/11 03:39:33 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:57:03 | 072,343,566 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/10/31 03:27:14 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 22:52:14 | 004,159,246 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/28 22:49:00 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/27 03:17:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/26 01:31:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 01:31:06 | 000,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/26 01:31:01 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/26 01:31:01 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/26 01:31:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/26 01:30:59 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/26 01:30:58 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/26 00:35:35 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 15:27:52 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/10 23:17:44 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:53:25 | 072,343,566 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/09/29 12:05:30 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/29 12:05:29 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/09 20:11:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/09 20:11:43 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/09 20:11:43 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/07/09 13:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/27 22:32:43 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/27 19:43:51 | 000,004,764 | -HS- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\qadX88Alu
[2009/11/02 00:19:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/22 19:25:58 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/11 00:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2009/05/26 23:22:39 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/02/14 20:44:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/10 11:40:18 | 919,260,488 | ---- | C] () -- C:\Program Files\2MOONSExpedition.exe.downloading
[2009/01/06 16:50:58 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/01/06 15:41:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/13 12:46:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/23 23:26:04 | 000,000,001 | ---- | C] () -- C:\Program Files\Status.inf
[2008/06/23 23:18:03 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.SIG
[2008/06/23 23:18:02 | 000,449,563 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RES
[2008/06/23 23:17:59 | 001,281,785 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RTP
[2008/06/23 23:17:59 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.SIG
[2008/06/23 23:17:58 | 000,095,018 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RTP
[2008/06/23 23:17:58 | 000,000,016 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RES
[2008/06/23 23:17:57 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.SIG
[2008/06/23 23:17:56 | 000,237,764 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RES
[2008/06/23 23:17:56 | 000,084,357 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RTP
[2008/06/23 23:17:55 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.SIG
[2008/06/23 23:17:54 | 000,031,308 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RTP
[2008/06/23 23:17:54 | 000,008,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RES
[2008/06/23 23:17:53 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.SIG
[2008/06/23 23:17:01 | 033,250,935 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RES
[2008/06/23 23:16:41 | 013,378,045 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RTP
[2008/05/26 16:06:40 | 514,337,164 | ---- | C] () -- C:\Program Files\data4.pck
[2008/05/26 16:06:01 | 629,164,503 | ---- | C] () -- C:\Program Files\data3.pck
[2008/05/26 16:05:22 | 629,175,968 | ---- | C] () -- C:\Program Files\data2.pck
[2008/05/26 16:04:43 | 629,147,117 | ---- | C] () -- C:\Program Files\data1.pck
[2008/05/26 16:04:43 | 001,196,032 | ---- | C] () -- C:\Program Files\install.exe
[2008/05/26 16:04:43 | 001,080,216 | ---- | C] () -- C:\Program Files\check.md
[2008/05/26 16:04:43 | 000,052,156 | ---- | C] () -- C:\Program Files\Copyright.txt
[2008/05/26 16:04:43 | 000,004,968 | ---- | C] () -- C:\Program Files\install.ini
[2008/05/26 16:04:43 | 000,004,150 | ---- | C] () -- C:\Program Files\icon.ico
[2008/05/26 16:04:43 | 000,000,044 | ---- | C] () -- C:\Program Files\AutoRun.inf
[2008/05/03 14:37:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/02/07 21:21:24 | 000,005,582 | ---- | C] () -- C:\Program Files\install.log
[2007/11/27 13:46:26 | 000,000,377 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/27 13:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007/11/27 13:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007/11/27 13:45:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007/11/11 22:53:28 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\PnkBstrK.sys
[2007/10/22 04:03:08 | 001,698,816 | ---- | C] () -- C:\Program Files\Microsoft_DirectX_SDK.msi
[2007/10/11 22:01:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/17 13:01:24 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 12:33:34 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/17 12:33:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/09 23:10:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/27 12:49:35 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/27 00:35:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 21:17:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/29 23:49:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 05:14:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 21:45:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/12/08 21:39:37 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/10/20 21:32:30 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/20 21:32:30 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/20 21:32:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/20 21:32:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/20 21:32:26 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/20 21:32:26 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/16 22:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
[2008/10/29 21:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/02/14 20:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/05/08 11:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
[2010/01/09 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/09/16 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Game Room
[2010/10/08 14:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/04/27 22:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/14 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/26 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/08 03:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/06 05:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/11/27 22:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/26 01:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/06/04 17:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/12/29 23:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\acccore
[2009/08/29 09:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BitTorrent
[2009/12/27 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Braid
[2010/10/01 12:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BugTrap Console Test108
[2008/08/17 12:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\CiscoCAA
[2007/04/01 00:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars
[2007/03/02 19:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2007/01/31 20:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Dev-Cpp
[2010/08/20 23:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\gamigo
[2010/04/05 23:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GetRightToGo
[2008/01/12 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GSC
[2010/03/29 21:35:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Home\Application Data\ijjigame
[2010/11/26 11:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\iolo
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\launcher
[2010/09/09 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Maple
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Martial Empires Luancher OBT
[2009/09/24 18:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\NeopleLauncherDFO
[2009/11/02 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PrimoPDF
[2009/09/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\ProxyCap
[2009/11/12 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\runic games
[2009/09/18 16:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Subversion
[2010/09/14 18:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\TeamViewer
[2008/10/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Uniblue
[2009/01/06 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\uTorrent
[2008/08/07 15:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Windows Search
[2010/11/26 17:34:57 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/26 12:43:19 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/26 19:29:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/29 00:06:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/26 17:34:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/29 03:22:22 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/27 03:29:16 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/26 18:53:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/26 17:35:20 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/26 17:34:53 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/26 10:48:32 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/29 03:22:25 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/29 03:22:29 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/26 22:48:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/26 22:48:36 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/26 11:29:14 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/26 22:48:41 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/26 17:34:51 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/29 02:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\VersionCheck.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

< End of report >
 
OTL Extras logfile created on: 11/29/2010 1:11:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 21.39 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58708:TCP" = 58708:TCP:*:Enabled:Pando Media Booster
"58708:UDP" = 58708:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57938:TCP" = 57938:TCP:*:Enabled:Pando Media Booster
"57938:UDP" = 57938:UDP:*:Enabled:Pando Media Booster
"58708:TCP" = 58708:TCP:*:Enabled:Pando Media Booster
"58708:UDP" = 58708:UDP:*:Enabled:Pando Media Booster
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\America's Army\System\ArmyOps.exe" = C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps -- ()
"C:\Program Files\America's Army\System\Server.exe" = C:\Program Files\America's Army\System\Server.exe:*:Enabled:Server -- ()
"C:\Program Files\Sierra\FEARCombat\fpupdate.exe" = C:\Program Files\Sierra\FEARCombat\fpupdate.exe:*:Enabled:fpupdate -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Documents and Settings\Home\Local Settings\Temp\ElectronicArts_Patcher_000.exe" = C:\Documents and Settings\Home\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000 -- File not found
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.2\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas -- File not found
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater -- File not found
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\G4BOX\Metin2\metin2.bin" = C:\Program Files\G4BOX\Metin2\metin2.bin:*:Enabled:metin2 -- File not found
"C:\Program Files\NETAMIN\UBO_2007\patcher\fc.exe" = C:\Program Files\NETAMIN\UBO_2007\patcher\fc.exe:*:Enabled:fc -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\AeriaGames\Shaiya\Updater.exe" = C:\AeriaGames\Shaiya\Updater.exe:*:Enabled:Shaiya Updater -- File not found
"C:\Program Files\THQ\Frontlines-Fuel of War Beta\Binaries\FFOW-Beta.exe" = C:\Program Files\THQ\Frontlines-Fuel of War Beta\Binaries\FFOW-Beta.exe:*:Enabled:Frontlines Game -- File not found
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- File not found
"C:\Program Files\Steam\SteamApps\sn1per9mm\source sdk base\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"C:\Rohan\rohanclient.exe" = C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Steam\SteamApps\moron1991alpha\garrysmod\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\America's Army Deploy Client\AADeployClient.exe" = C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient -- (US Army)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe" = C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer -- File not found
"C:\Program Files\Steam\SteamApps\moron1991alpha\source sdk base\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\SteamApps\moron1991alpha\insurgency\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\insurgency\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\half-life 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\Spring\spring.exe" = C:\Program Files\Spring\spring.exe:*:Disabled:spring -- File not found
"C:\Program Files\Spring\TASClient.exe" = C:\Program Files\Spring\TASClient.exe:*:Disabled:TA Spring lobby client -- File not found
"C:\Program Files\NETAMIN\UBO_2007\game\ubo.exe" = C:\Program Files\NETAMIN\UBO_2007\game\ubo.exe:*:Disabled:UBOnline -- File not found
"C:\Documents and Settings\Home\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Home\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" = C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe:*:Enabled:iolo Firewall® -- ()
"C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe:*:Enabled:iolo AntiVirus® -- File not found
"C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Codemasters\Severance\Bin\Blade.exe" = C:\Program Files\Codemasters\Severance\Bin\Blade.exe:*:Enabled:Blade -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files\Subagames\Metin2\metin2.bin" = C:\Program Files\Subagames\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"C:\Program Files\USArmy\America's Army 3\Binaries\AA3Game.exe" = C:\Program Files\USArmy\America's Army 3\Binaries\AA3Game.exe:*:Enabled:AA3Game -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\Program Files\USArmy\Binaries\AA3Game.exe" = C:\Program Files\USArmy\Binaries\AA3Game.exe:*:Enabled:AA3Game -- File not found
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- File not found
"C:\Program Files\teci\Metin2\metin2.bin" = C:\Program Files\teci\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"C:\Program Files\Steam\SteamApps\sn1per9mm\garrysmod\hl2.exe" = C:\Program Files\Steam\SteamApps\sn1per9mm\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\DFO\DFO.exe" = C:\Program Files\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- (neople)
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\Steam\SteamApps\common\torchlight\TorchED\Editor.exe" = C:\Program Files\Steam\SteamApps\common\torchlight\TorchED\Editor.exe:*:Enabled:Torchlight Editor -- (Runic Games, Inc.)
"C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe" = C:\Program Files\Microsoft Corporation\Tinker\Tinker.exe:*:Enabled:Tinker -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\moron1991alpha\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\moron1991alpha\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37A74613-3D31-47AF-9E3B-827A010E9FCF}" = System Requirements Lab
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}" = Soul of the Ultimate Nation
"{4D530901-0614-4537-B4CE-EA1000028301}" = Game Room
"{4D530901-7D3A-492E-96E0-D21000008300}" = Game Room
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5CFADB30-1F11-4C66-B9B5-CFDA9FBD6B7F}" = America's Army Server Manager
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{632B286A-CD76-47A4-8C34-1AF49B08CEA3}" = The Thing
"{6778954C-13C2-4333-AF77-F5C885EB280F}" = America's Army
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BA8220-EF76-4F0E-974D-2D56A2E25103}" = America's Army Server Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9BD391C-A3D7-47EC-847C-A22935AB0193}" = TWL AA Cheat Deterrent Client
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7476D9E-31C0-4BA9-9B0B-10ECFBC60A27}" = EG-Dekaron
"{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA97B421-06CB-4040-8EC9-6ED02EA87930}" = Microsoft DirectX SDK (November 2007)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA20FED-A903-46A2-B197-789B4456B508}" = HW Monitor
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D2CC2113-CC7C-4055-AAE9-A235C56D0136}" = Cisco NAC Agent
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series Basic Device Software
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{EBE7050B-7988-4BC3-BBFD-5C6828859483}" = Game Cam v1.4
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"BBD3F66B-1180-4785-B679-3F91572CD3B4_is1" = iolo Personal Firewall
"Collab" = Collab
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DFO" = DFOLauncher
"Download Manager" = Download Manager 2.3.9
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 8" = FL Studio 8
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4D530901-7D3A-492E-96E0-D21000008300}" = Game Room
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"Gunz" = ijji - Gunz
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"InstallShield_{C6F2BB06-0203-4B36-BFB7-9088265682F5}" = DemonFlyFFv14
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 14" = Maple 14
"Metin2.us_is1" = Metin2.us
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Runic Games Torchlight" = Torchlight
"Starcraft" = Starcraft
"Starry Night Pro" = Starry Night Pro
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17700" = Insurgency
"Steam App 2100" = Dark Messiah Might and Magic Single Player
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TmNationsForever_is1" = TmNationsForever
"Toxic Biohazard" = Toxic Biohazard
"Veoh Web Player Beta" = Veoh Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0638265cfb8124a6" = AA2Deploy
"2a4f70b48f669acd" = AA3Deploy
"BitTorrent" = BitTorrent
"ijji.com" = ijji
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Hello,

You do have a bit going on, so let me give you a heads-up on these:

C:\Program Files\uTorrent
C:\Program Files\BitTorrent

Any form of file sharing is not safe. You're downloading that file from an unknown source, and not all but most contain malware. The low-lifes that write malware are in tune to this, and this is one of the latest ways to infect you. I am going to ask you to uninstall them via Add/Remove Programs in the Control Panel. If you don't and we clean you up, you will just keep getting infected, wasting both your and my time.

After you uninstall them, then run this program.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot: RC1.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.
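A ComboFix log is long, and the lines that actually account for a "scanners say clean, browser still redirects" symptom are scattered through it: the user-level ProxyServer value, a keyword.URL override in Firefox's user.js (which is re-applied at every start, so editing prefs.js alone does not stick), a run of At*.job scheduled tasks, the EnableFirewall flag, a bootkit notice, and firewall exceptions for a svchost.exe that is not in %windir%\system32, where the real one lives. The script below is an added example for this thread; it is not ComboFix code and not a Safer Networking tool. It runs over a constructed ComboFix-style excerpt embedded in the file, and its regexes assume ComboFix's printed field names (`uInternet Settings,ProxyServer`, `FF - user.js:`, `"EnableFirewall"=`, the doubled backslashes in the firewall section). The At-job count and the svchost path test are heuristics to be confirmed by hand, not verdicts.

```python
"""Triage a ComboFix-style log for the settings that produce browser redirects.

Added example for the thread, not ComboFix code. Field names follow ComboFix's
output; the sample excerpt is constructed, not taken from a real machine.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout (firewall paths keep its doubled backslashes).
SAMPLE_LOG = r"""
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At24.job
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
"""


@dataclass(frozen=True)
class Finding:
    indicator: str
    detail: str


LOOPBACK = {"127.0.0.1", "localhost", "::1"}
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)
BOOTKIT = re.compile(r"Bootkit (\S+) was found", re.IGNORECASE)
PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
FF_KEYWORD = re.compile(r"^FF - (prefs|user)\.js: keyword\.URL - (\S+)")
FW_ENABLE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
FW_APP = re.compile(r'^"([^"]+)"=\s*$')            # one AuthorizedApplications entry
URL_HOST = re.compile(r"^h(?:tt|xx)ps?://([^/:?#]+)", re.IGNORECASE)  # accepts defanged hxxp


def proxy_hosts(spec: str) -> list[str]:
    """Split a WinINet ProxyServer value ('host:port' or 'scheme=host:port;...') into hosts."""
    hosts = []
    for part in spec.split(";"):
        part = part.strip()
        if not part:
            continue
        addr = part.split("=", 1)[-1]                 # drop 'http=' if present
        hosts.append(addr.rsplit(":", 1)[0].strip("[]"))  # drop port, unwrap [IPv6]
    return hosts


def triage(log_text: str) -> list[Finding]:
    """Return the redirect-relevant indicators found in ComboFix log text, in log order."""
    findings: list[Finding] = []
    at_jobs = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if AT_JOB.search(line):
            at_jobs += 1
            continue
        if m := BOOTKIT.search(line):
            findings.append(Finding("bootkit", f"{m.group(1)} reported on the boot sector; "
                                               "re-check with a second MBR scanner"))
            continue
        if m := PROXY.match(line):
            for host in proxy_hosts(m.group(1)):
                if host.lower() in LOOPBACK:
                    findings.append(Finding("loopback-proxy",
                        f"user proxy is {host}: a local process sits between browser and network"))
            continue
        if m := FF_KEYWORD.match(line):
            origin, url = m.groups()
            h = URL_HOST.match(url)
            host = h.group(1) if h else url
            if origin == "user":
                findings.append(Finding("ff-user.js",
                    f"user.js re-applies keyword.URL={host} at every start; fixing prefs.js alone will not hold"))
            else:
                findings.append(Finding("ff-keyword.URL", f"address-bar searches go to {host}"))
            continue
        if (m := FW_ENABLE.match(line)) and m.group(1) == "0":
            findings.append(Finding("firewall-off", "Windows Firewall disabled for the standard profile"))
            continue
        if m := FW_APP.match(line):
            path = m.group(1).replace("\\\\", "\\")   # undo ComboFix's doubled backslashes
            parts = path.lower().split("\\")
            # The real svchost.exe lives in %windir%\system32; an exception for a copy
            # anywhere else (typically system32\drivers) is a classic indicator.
            if parts[-1] == "svchost.exe" and (len(parts) < 2 or parts[-2] != "system32"):
                findings.append(Finding("fw-exception",
                    f"firewall exception for svchost.exe outside system32: {path}"))
    if at_jobs:
        findings.append(Finding("at-jobs",
            f"{at_jobs} At*.job scheduled tasks; a run of hourly At jobs is a common relaunch mechanism"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.indicator}] {f.detail}")
```

Run it as-is to print the findings for the constructed excerpt, or pass a real C:\ComboFix.txt to triage(). A loopback proxy or a user.js override outlives the removal of the binary that planted it, which is why a machine can come up clean in the scanners and still redirect until those settings themselves are reset.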
 
Not sure why BitTorrent was on my computer, but it is gone now. I could not find anything related to uTorrent on my computer. It wasn't in Add/Remove Programs and nothing came up when searching for it. Here is the ComboFix log:

ComboFix 10-11-29.03 - Home 11/29/2010 19:59:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.623 [GMT -6:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Home\Application Data\Google\T-Scan
c:\documents and settings\Home\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Home\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Home\Application Data\Google\T-Scan\Thumbs.db
c:\documents and settings\Home\Application Data\Google\T-Scan\y.gif
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome.manifest
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome\content\_cfg.js
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome\content\c.js
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\chrome\content\overlay.xul
c:\documents and settings\Home\Local Settings\Application Data\{CEAEE6ED-161E-4890-93CE-85EA5E377968}\install.rdf
C:\install.exe
c:\program files\autorun.inf
c:\program files\driver
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\system32\launcher.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://download.iolo.net
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 )))))))))))))))))))))))))))))))
.

2010-11-27 09:24 . 2010-11-27 09:24 -------- d-----w- C:\1b9f1bf7642a71ad6970b768
2010-11-27 09:17 . 2010-11-27 09:17 -------- d-----w- c:\program files\ERUNT
2010-11-26 08:09 . 2010-11-26 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-26 07:31 . 2010-11-30 02:18 763904 ----a-w- c:\windows\system32\drivers\tjjntrciv.sys
2010-11-26 07:29 . 2010-11-26 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2010-11-26 06:35 . 2010-11-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-26 06:35 . 2010-11-26 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 19:35 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-04 19:35 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-10-31 09:04 . 2009-10-08 19:24 352256 ----a-w- c:\windows\vncutil.exe
2010-10-31 09:04 . 2009-10-23 23:53 41984 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-10-31 09:04 . 2009-03-17 19:07 122880 ----a-w- c:\windows\RtkAudioService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:11 . 2008-08-07 02:44 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 02:11 . 2010-09-10 02:11 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-09-10 02:11 . 2010-09-10 02:11 31744 ----a-w- c:\windows\system32\maplec.dll
2010-09-10 02:11 . 2010-09-10 02:11 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-05 21:01 . 2010-09-05 21:01 967 ----a-w- c:\windows\ScUnin.pif
2010-09-05 21:01 . 2010-09-05 21:01 94208 ----a-w- c:\windows\ScUnin.exe
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2007-10-22 10:03 . 2007-10-22 10:03 1698816 ----a-w- c:\program files\Microsoft_DirectX_SDK.msi
2007-09-19 04:41 . 2008-05-26 22:04 258352 ----a-w- c:\program files\unicows.dll
2007-09-19 04:41 . 2008-05-26 22:04 1196032 ----a-w- c:\program files\install.exe
2007-09-19 04:41 . 2008-05-26 22:04 372736 ----a-w- c:\program files\ijl15.dll
2006-10-12 23:17 . 2006-12-23 20:50 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 18:07 . 2006-12-23 20:50 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

[7] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[7] 2006-02-28 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2010-04-21 520616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2010-07-15 1335976]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=c:\windows\pss\Registration Tom Clancy's Rainbow SixStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 21:27 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
"<NO NAME>"=
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\America's Army\\System\\Server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.2\\cnc3game.dat"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\source sdk base\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Subagames\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\teci\\Metin2\\metin2.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\TorchED\\Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57938:TCP"= 57938:TCP:Pando Media Booster
"57938:UDP"= 57938:UDP:Pando Media Booster
"58708:TCP"= 58708:TCP:Pando Media Booster
"58708:UDP"= 58708:UDP:Pando Media Booster
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/6/2009 4:50 PM 39424]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2008 8:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [8/6/2008 9:54 PM 8192]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/26/2009 11:22 PM 33824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 5:25 PM 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 5:25 PM 1117224]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 5:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 5:11 PM 117288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/6/2008 8:50 PM 38176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/19/2008 4:33 PM 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 5:11 PM 113192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [11/21/2009 8:35 PM 742144]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - tjjntrciv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-11-30 c:\windows\Tasks\VersionCheck.job
- c:\documents and settings\All Users\Application Data\WSTB\localeX86.exe [2010-11-11 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 20:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tjjntrciv]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1606980848-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,50,3d,be,28,83,ef,e5,a6,16,59,d2,7c,c8,2e,8a,70,c5,af,80,d5,2c,c7,
d9,9a,2f,9d,9b,5b,97,5e,99,6d,6d,0a,10,16,6e,e4,5b,87,62,28,89,04,00,58,50,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\iavlsp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll

- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\iolo\System Mechanic Professional\IoloSGCtrl.exe
c:\windows\system32\wscntfy.exe
c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
.
**************************************************************************
.
Completion time: 2010-11-29 20:28:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-30 02:28

Pre-Run: 22,449,000,448 bytes free
Post-Run: 25,273,933,824 bytes free

- - End Of File - - 00C89315E5075E2FA0E8CC57BB76EC66
 
Hi,

We need to check this file; just upload it and post the report.

You need to enable Windows to show all files and folders; instructions Here.

Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

c:\windows\system32\drivers\tjjntrciv.sys <--This file



If the site is busy you can try this one
http://virusscan.jotti.org/en

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::


Code:
File::
C:\windows\system32\drivers\svchost.exe
c:\windows\system32\XDva224.sys
c:\windows\system32\XDva332.sys
c:\windows\system32\XDva344.sys
c:\windows\system32\XDva359.sys 
c:\windows\system32\XDva362.sys 
c:\windows\system32\XDva365.sys 

Driver::
XDva224
XDva332
XDva344
XDva359
XDva362
XDva365



Fcopy::
c:\windows\system32\dllcache\ctfmon.exe | c:\windows\System32\ctfmon.exe
c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll
c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll | c:\windows\system32\dllcache\mspmsnsv.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

(screenshot: CFScriptB-4.gif)



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 
I get no report back when uploading to VirusTotal and the virusscan one says the file is empty when I go to upload it.

Should I wait to do the notepad part until I can get the report or do it now?
 
I hope SystemGuard didn't block it from running properly. I walked away from the computer while it was restarting, and when I came back I noticed SystemGuard had started back up, and I'm wondering if it may have blocked something while I was in the other room.
 
C:\ComboFix.txt <--You can find the log here, look at the date and make sure you post the latest one.
 
Here is what's in the ComboFix.txt:

ComboFix 10-11-30.02 - Home 11/30/2010 16:19:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.479 [GMT -6:00]
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Home\Desktop\CFScript.txt
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

FILE ::
"C:\windows\system32\drivers\svchost.exe"
"c:\windows\system32\XDva224.sys"
"c:\windows\system32\XDva332.sys"
"c:\windows\system32\XDva344.sys"
"c:\windows\system32\XDva359.sys"
"c:\windows\system32\XDva362.sys"
"c:\windows\system32\XDva365.sys"
.
 
Drag Combofix to the trash and download a fresh copy and run the scan normally without any script, then post the new log please.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
ComboFix 10-11-30.02 - Home 11/30/2010 20:01:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.405 [GMT -6:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA224
-------\Legacy_XDVA332
-------\Legacy_XDVA344
-------\Legacy_XDVA359
-------\Legacy_XDVA362
-------\Legacy_XDVA365
-------\Service_XDva224
-------\Service_XDva332
-------\Service_XDva344
-------\Service_XDva359
-------\Service_XDva362
-------\Service_XDva365


((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.

2010-11-27 09:24 . 2010-11-27 09:24 -------- d-----w- C:\1b9f1bf7642a71ad6970b768
2010-11-27 09:17 . 2010-11-27 09:17 -------- d-----w- c:\program files\ERUNT
2010-11-26 08:09 . 2010-11-26 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-26 07:31 . 2010-12-01 02:14 763904 ----a-w- c:\windows\system32\drivers\tjjntrciv.sys
2010-11-26 07:29 . 2010-11-26 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2010-11-26 06:35 . 2010-11-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-26 06:35 . 2010-11-26 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 19:35 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-04 19:35 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:11 . 2008-08-07 02:44 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 02:11 . 2010-09-10 02:11 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-09-10 02:11 . 2010-09-10 02:11 31744 ----a-w- c:\windows\system32\maplec.dll
2010-09-10 02:11 . 2010-09-10 02:11 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-05 21:01 . 2010-09-05 21:01 967 ----a-w- c:\windows\ScUnin.pif
2010-09-05 21:01 . 2010-09-05 21:01 94208 ----a-w- c:\windows\ScUnin.exe
2007-10-22 10:03 . 2007-10-22 10:03 1698816 ----a-w- c:\program files\Microsoft_DirectX_SDK.msi
2007-09-19 04:41 . 2008-05-26 22:04 258352 ----a-w- c:\program files\unicows.dll
2007-09-19 04:41 . 2008-05-26 22:04 1196032 ----a-w- c:\program files\install.exe
2007-09-19 04:41 . 2008-05-26 22:04 372736 ----a-w- c:\program files\ijl15.dll
2006-10-12 23:17 . 2006-12-23 20:50 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 18:07 . 2006-12-23 20:50 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

[7] 2006-02-28 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2010-04-21 520616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2010-07-15 1335976]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=c:\windows\pss\Registration Tom Clancy's Rainbow SixStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 21:27 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
"<NO NAME>"=
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\America's Army\\System\\Server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.2\\cnc3game.dat"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\source sdk base\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Subagames\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\teci\\Metin2\\metin2.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\TorchED\\Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57938:TCP"= 57938:TCP:Pando Media Booster
"57938:UDP"= 57938:UDP:Pando Media Booster
"58708:TCP"= 58708:TCP:Pando Media Booster
"58708:UDP"= 58708:UDP:Pando Media Booster
"1176:TCP"= 1176:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/6/2009 4:50 PM 39424]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2008 8:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [8/6/2008 9:54 PM 8192]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/26/2009 11:22 PM 33824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 5:25 PM 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 5:25 PM 1117224]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 5:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 5:11 PM 117288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/6/2008 8:50 PM 38176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/19/2008 4:33 PM 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 5:11 PM 113192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [11/21/2009 8:35 PM 742144]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - tjjntrciv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-01 c:\windows\Tasks\VersionCheck.job
- c:\documents and settings\All Users\Application Data\WSTB\localeX86.exe [2010-11-11 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 20:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tjjntrciv]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1606980848-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,50,3d,be,28,83,ef,e5,a6,16,59,d2,7c,c8,2e,8a,70,c5,af,80,d5,2c,c7,
d9,9a,2f,9d,9b,5b,97,5e,99,6d,6d,0a,10,16,6e,e4,5b,87,62,28,89,04,00,58,50,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\iavlsp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2010-11-30 20:17:59
ComboFix-quarantined-files.txt 2010-12-01 02:17
ComboFix2.txt 2010-11-30 02:28

Pre-Run: 25,160,589,312 bytes free
Post-Run: 25,136,287,744 bytes free

- - End Of File - - 2C9A4E0BAE4924E2D7699CAE3684A633
 
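As an added example (not code from the thread, and not ComboFix's or any helper's tool), here is a small Python triage script that reads the kinds of lines the ComboFix log above contains and flags the entries an analyst checks first when a user reports redirected search results: a user-level proxy pointing at the loopback address, a Firefox keyword.URL whose host does not match the configured default search engine, a core Windows binary reported missing, a driver still in memory with no service registration, and a system32-only binary name sitting under the drivers folder. The sample log is constructed from entries visible in this thread's log and CFScript; the category names and the SYSTEM32_ONLY list are the example's own assumptions.

```python
"""Triage ComboFix-style log lines for search-redirect indicators.

Added example, not part of the thread and not ComboFix's own code. It reads
the kinds of lines the log above contains and flags the settings an analyst
checks first when a user reports redirected search results.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Finding:
    kind: str      # short category tag (names chosen for this example)
    detail: str    # the value that triggered the finding


# Sample input constructed from entries seen in the thread's log and CFScript.
SAMPLE_LOG = r"""
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
c:\windows\System32\ctfmon.exe ... is missing !!
*Deregistered* - mchInjDrv
*Deregistered* - tjjntrciv
"%windir%\\system32\\drivers\\svchost.exe"=-
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"""

LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:[a-z]+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
FF_PREF = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (\S+)")
MISSING = re.compile(r"^(.+?) \.\.\. is missing !!$")
DEREGISTERED = re.compile(r"^\*Deregistered\* - (\S+)$")
QUOTED_PATH = re.compile(r'^"([^"]+)"=')

# Core Windows binaries that live in system32, never in system32\drivers
# (assumed list for this example; extend as needed).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe"}


def _host(url: str) -> str:
    # Logs defang links as hxxp://; restore the scheme so urlsplit works.
    return urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or ""


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    default_search_host = ""
    keyword_urls: list[str] = []

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = LOOPBACK_PROXY.search(line)
        if m:  # browser traffic is being routed through a local listener
            findings.append(Finding("loopback_proxy", f"{m.group(1)}:{m.group(2)}"))
            continue

        m = FF_PREF.match(line)
        if m:  # collect Firefox search prefs; compared after the loop
            _, name, value = m.groups()
            if name == "browser.search.defaulturl":
                default_search_host = _host(value)
            elif name == "keyword.URL":
                keyword_urls.append(value)
            continue

        m = MISSING.match(line)
        if m:  # Sigcheck reported a Windows file as absent
            findings.append(Finding("missing_system_file", m.group(1)))
            continue

        m = DEREGISTERED.match(line)
        if m:  # driver loaded in memory but with no service registration
            findings.append(Finding("deregistered_driver", m.group(1)))
            continue

        m = QUOTED_PATH.match(line)
        if m:  # registry-export style path: collapse the doubled backslashes
            path = m.group(1).replace("\\\\", "\\").lower()
            parts = path.split("\\")
            if len(parts) >= 2 and parts[-2] == "drivers" and parts[-1] in SYSTEM32_ONLY:
                findings.append(Finding("misplaced_core_binary", path))

    # keyword.URL is the address-bar search; if its host differs from the
    # configured default search engine, address-bar searches are rerouted.
    for url in keyword_urls:
        host = _host(url)
        if host and host != default_search_host:
            findings.append(Finding("keyword_url_hijack", host))

    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. for a quick report line."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run as a script it prints one line per finding; `triage()` returns the findings so they can be checked programmatically. Two details the output makes visible: a keyword.URL set in user.js is reapplied every time Firefox starts, so clearing it from prefs.js alone does not stick, and a proxy of 127.0.0.1:5555 passes every browser request through whatever process listens on that port, which can redirect or rewrite pages without touching DNS or the search engine itself.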
Hi,

We still need to fix that file; let's do this.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    ctfmon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Then run OTL again and post a new log
 
Here are the results of the SystemLook; I'll post the OTL in a few minutes when it finishes.

SystemLook 04.09.10 by jpshortstuff
Log created at 03:15 on 01/12/2010 by Home
Administrator - Elevation successful

========== filefind ==========

Searching for "ctfmon.exe"
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe -----c- 15360 bytes [03:13 07/08/2008] [12:00 28/02/2006] 24232996A38C0B0CF151C2140AE29FC8

-= EOF =-
 
OTL logfile created on: 12/1/2010 3:24:08 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 467.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 23.29 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\iolo\Common\Lib\sguard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (IOLO_SRV) -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe ()
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)


========== Driver Services (SafeList) ==========

DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys File not found
DRV - (L8042mou) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys File not found
DRV - (L8042Kbd) -- C:\WINDOWS\System32\Drivers\L8042Kbd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Home\LOCALS~1\Temp\catchme.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (XPacket) -- C:\WINDOWS\System32\xpacket.sys (iolo technologies, LLC)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/30 20:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 20:41:58 | 000,000,000 | ---D | M]

[2008/06/06 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions
[2009/06/25 16:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/20 21:41:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/17 13:14:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/09/01 23:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/08 22:48:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010/03/28 22:07:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006/10/12 17:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2006/10/12 17:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/02/13 12:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/11/11 17:26:20 | 000,002,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/11/30 16:35:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://www.gamescampus.com/luncher/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231906288484 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimatebaseballonline.com/myubo/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.43 69.1.30.42
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 21:29:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/01/08 21:06:18 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 03:14:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/29 19:48:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/29 19:43:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/29 19:43:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/29 19:43:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/29 19:43:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/29 19:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/29 13:10:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/27 03:24:23 | 000,000,000 | ---D | C] -- C:\1b9f1bf7642a71ad6970b768
[2010/11/27 03:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 03:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/27 03:16:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/26 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/26 01:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/26 01:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/26 00:31:08 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/25 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/25 23:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/09/03 16:10:04 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2008/05/26 16:04:43 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2008/05/26 16:04:43 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 03:32:38 | 000,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/12/01 03:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/12/01 03:10:58 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/12/01 03:06:57 | 000,444,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/01 03:06:57 | 000,072,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/30 19:59:27 | 003,982,824 | R--- | M] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/30 16:35:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/30 16:35:39 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/30 16:35:36 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/30 16:35:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/30 16:35:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/30 16:35:00 | 1072,943,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/29 19:48:16 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010/11/29 13:10:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/27 03:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 15:52:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 00:59:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 00:35:35 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:31:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/11 15:33:16 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/11 03:39:33 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:57:03 | 072,343,566 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/01 03:11:01 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/11/30 19:59:24 | 003,982,824 | R--- | C] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/30 16:35:39 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/29 19:48:15 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/11/29 19:48:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/29 19:43:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/29 19:43:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/29 19:43:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/29 19:43:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/29 19:43:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/26 01:31:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 01:31:06 | 000,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/26 00:35:35 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 15:27:52 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/10 23:17:44 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:53:25 | 072,343,566 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/09/29 12:05:30 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/29 12:05:29 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/09 20:11:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/09 20:11:43 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/09 20:11:43 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/07/09 13:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/27 22:32:43 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/27 19:43:51 | 000,004,764 | -HS- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\qadX88Alu
[2009/11/02 00:19:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/22 19:25:58 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/11 00:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2009/05/26 23:22:39 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/02/14 20:44:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/10 11:40:18 | 919,260,488 | ---- | C] () -- C:\Program Files\2MOONSExpedition.exe.downloading
[2009/01/06 16:50:58 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/01/06 15:41:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/13 12:46:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/23 23:26:04 | 000,000,001 | ---- | C] () -- C:\Program Files\Status.inf
[2008/06/23 23:18:03 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.SIG
[2008/06/23 23:18:02 | 000,449,563 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RES
[2008/06/23 23:17:59 | 001,281,785 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RTP
[2008/06/23 23:17:59 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.SIG
[2008/06/23 23:17:58 | 000,095,018 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RTP
[2008/06/23 23:17:58 | 000,000,016 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RES
[2008/06/23 23:17:57 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.SIG
[2008/06/23 23:17:56 | 000,237,764 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RES
[2008/06/23 23:17:56 | 000,084,357 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RTP
[2008/06/23 23:17:55 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.SIG
[2008/06/23 23:17:54 | 000,031,308 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RTP
[2008/06/23 23:17:54 | 000,008,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RES
[2008/06/23 23:17:53 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.SIG
[2008/06/23 23:17:01 | 033,250,935 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RES
[2008/06/23 23:16:41 | 013,378,045 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RTP
[2008/05/26 16:06:40 | 514,337,164 | ---- | C] () -- C:\Program Files\data4.pck
[2008/05/26 16:06:01 | 629,164,503 | ---- | C] () -- C:\Program Files\data3.pck
[2008/05/26 16:05:22 | 629,175,968 | ---- | C] () -- C:\Program Files\data2.pck
[2008/05/26 16:04:43 | 629,147,117 | ---- | C] () -- C:\Program Files\data1.pck
[2008/05/26 16:04:43 | 001,196,032 | ---- | C] () -- C:\Program Files\install.exe
[2008/05/26 16:04:43 | 001,080,216 | ---- | C] () -- C:\Program Files\check.md
[2008/05/26 16:04:43 | 000,052,156 | ---- | C] () -- C:\Program Files\Copyright.txt
[2008/05/26 16:04:43 | 000,004,968 | ---- | C] () -- C:\Program Files\install.ini
[2008/05/26 16:04:43 | 000,004,150 | ---- | C] () -- C:\Program Files\icon.ico
[2008/05/03 14:37:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/11/27 13:46:26 | 000,000,377 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/27 13:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007/11/27 13:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007/11/27 13:45:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007/11/11 22:53:28 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\PnkBstrK.sys
[2007/10/22 04:03:08 | 001,698,816 | ---- | C] () -- C:\Program Files\Microsoft_DirectX_SDK.msi
[2007/10/11 22:01:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/17 13:01:24 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 12:33:34 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/17 12:33:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/09 23:10:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/27 12:49:35 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/27 00:35:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 21:17:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/29 23:49:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 05:14:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 21:45:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/12/08 21:39:37 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/10/20 21:32:30 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/20 21:32:30 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/20 21:32:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/20 21:32:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/20 21:32:26 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/20 21:32:26 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/16 22:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
[2008/10/29 21:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/02/14 20:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/05/08 11:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
[2010/01/09 16:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/09/16 19:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Game Room
[2010/10/08 14:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/04/27 22:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/14 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/26 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/08 03:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/06 05:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/11/27 22:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/26 01:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/06/04 17:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/12/29 23:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\acccore
[2010/11/29 19:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BitTorrent
[2009/12/27 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Braid
[2010/10/01 12:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\BugTrap Console Test108
[2008/08/17 12:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\CiscoCAA
[2007/04/01 00:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars
[2007/03/02 19:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2007/01/31 20:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Dev-Cpp
[2010/08/20 23:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\gamigo
[2010/04/05 23:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GetRightToGo
[2008/01/12 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\GSC
[2010/03/29 21:35:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Home\Application Data\ijjigame
[2010/11/26 11:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\iolo
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\launcher
[2010/09/09 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Maple
[2010/08/20 23:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Martial Empires Luancher OBT
[2009/09/24 18:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\NeopleLauncherDFO
[2009/11/02 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\PrimoPDF
[2009/09/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\ProxyCap
[2009/11/12 19:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\runic games
[2009/09/18 16:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Subversion
[2010/09/14 18:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\TeamViewer
[2008/10/12 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Uniblue
[2009/01/06 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\uTorrent
[2008/08/07 15:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Windows Search
[2010/12/01 03:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\VersionCheck.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

< End of report >