Full Version: help!! I'm infected!! (or not?)
stretch00101
Topic moved in here cause that's the place that fits



Redirects 3 times; spybot / mbam not working???

Try this again... I had taken an hour and a half to post the problems I was having, when Firefox crashed before I could save/post it!!!

So, as I was saying, I've been having a problem with Firefox for a while now with it redirecting to other sites. It always goes to the correct site on the third or fourth try, and works every time if I use the address bar (I never liked bookmarks or other ways to track / navigate the web).


I was looking at the download history for Windows Update because I have had to download the Malicious Software Removal Tool 9 times in the last 10 days (sometimes twice a day). It never did work, as I just tried the October Removal Tool this morn. Do not know yet if it actually loaded or not.

This prompted me to start a clean-up process I have done for years, which includes leaving Win. Defender and AVG open before their scheduled tests (so the results will be displayed the next morn.) (of which they found nothing)...


Next would be Spybot Search and Destroy: everything was working fine (would load fine, check for updates, I checked the start up list, immunize the system and check System Internals without incident), but if I try to run a full scan it will for about two seconds and then close the program (I tried a few times)...

The Defrag I use still works, as well as Disk Cleanup and CCleaner.


If I reboot my computer Live Messenger will automatically start (but not sign in). Yesterday (Sept 22nd) I woke up to about ten error mess. onscreen (all the same): <Windows Live Communications Platform has stopped working... would you like to send an error report>?

Other programs that are not currently working include: PCI Audio Applications - The MP3 Player, Mixer, or the CD Player will not open.
MP3Gain - Will load (the program), analyse / fix individual songs, but if I try to perform these actions on a batch of songs the program closes.

I have read a few of the other posts regarding this topic and decided that (because all computers are different) I would start my own thread...


I have also tried to download Mbam - downloaded, setup, and ran properly, but when I tried to run test, the program closed (same as Spybot) a few seconds later...


I tried RootRepeal which (again) ran properly {this time the test did too} so I left it to do its test... When I came back the program was closed and I have no idea if it finished or where the info was saved if any...

I downloaded AdAware 'Anniversary Edition', which downloaded and would open fine, but when I started a test it closed; now I will see the 'loading' screen for a few seconds, then an error mess. <Failed to connect to service.>

I have also attempted the HJT (HiJackThis) download, which worked up till it finished its test, then it closed before I could read / save anything to file. I tried to run again and I get this mess.: <Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item> So I try open as admin..., same mess. Tried to reinstall..., same mess...

I found a program called (the) <Belarc Advisor> which will spit out a system report that I hope will help... Belarc As Follows...
-------------------------------------------------------------------------------------
Computer Profile Summary
Computer Name: Pc-master (in WORKGROUP) — CJE_Main
Profile Date: September-23-09 10:08:30 PM
Advisor Version: 7.2x
Windows Logon: cje


Operating System
Windows Vista Home Basic Service Pack 2 (build 6002)
System Model
LENOVO 7387A34 ThinkCentre XXXX
System Serial Number: ********* (I didn't want this public)
Enclosure Type: Mini-Tower
Processor a
1.80 gigahertz AMD Sempron
64 kilobyte primary memory cache
256 kilobyte secondary memory cache
Main Circuit Board b
Board: LENOVO LENOVO
BIOS: LENOVO 2NKT26AUS 03/15/2007
Drives
575.45 Gigabytes Usable Hard Drive Capacity
406.72 Gigabytes Hard Drive Free Space

HL-DT-ST DVDRAM GSA-H10N ATA Device [CD-ROM drive]
HL-DT-ST RW/DVD GCC-H20N ATA Device [CD-ROM drive]

ST350083 0AS USB Device [Hard drive] (500.11 GB) -- drive 1
WDC WD80 0JD-08MSA1 SCSI Disk Device (80.03 GB) -- drive 0
Memory Modules c,d
1470 Megabytes Installed Memory

Slot 'S1' has 512 MB
Slot 'S2' has 1024 MB
Local Drive Volumes


c: (NTFS on drive 0) 75.47 GB 19.01 GB free
f: (FAT32 on drive 1) 499.98 GB 387.70 GB free
Network Drives
None detected
Users
local user accounts last logon
cje 23/09/2009 5:27:40 PM (admin)
local system accounts
Administrator 29/05/2007 4:21:25 PM (admin)
ASPNET never
Guest 20/09/2009 12:01:09 AM

DISABLED Marks a disabled account; LOCKED OUT Marks a locked account

Printers
Lexmark X1100 Series on USB001
Lexmark X1100 Series on USB002
Lexmark X1100 Series on USB006
Microsoft XPS Document Writer on XPSPort:
Controllers
Standard floppy disk controller
IDE Channel [Controller] (2x)
NVIDIA nForce Serial ATA Controller
Standard Dual Channel PCI IDE Controller
Display
NVIDIA GeForce 6100 [Display adapter]
ACR AL1716 [Monitor] (17.1"vis, s/n L460C264404A, July 2007)
Bus Adapters
Microsoft iSCSI Initiator
Standard Enhanced PCI to USB Host Controller
Standard OpenHCD USB Host Controller
Multimedia
SoundMAX Integrated Digital HD Audio
Communications

Broadcom NetLink ™ Gigabit Ethernet
primary Auto IP Address: *****
Gateway: ******
Dhcp Server: *******
Physical Address: *******
isatap.vs.shawcable.net
Teredo Tunneling Pseudo-Interface

Networking Dns Servers: *********

Other Devices
Logitech Driver Interface (3x)
HID-compliant consumer control device
HID-compliant device (3x)
USB Human Interface Device (2x)
Creative WebCam NX
Logitech HID-Compliant Keyboard
Logitech HID-compliant Cordless Mouse
SM bios service
USB Composite Device
USB Mass Storage Device
USB Root Hub (2x)
Generic volume shadow copy
Virus Protection
Norton Internet Security Version 2007
Realtime File Scanning On

Missing Microsoft Security Hotfixes

All required security hotfixes (using the 09/08/2009 Microsoft Security Bulletin Summary) have been installed.

Installed Microsoft Hotfixes
.NET Framework 3.5 SP1
no verification data KB958484 on 30/01/2009
no verification data KB963707 on 24/06/2009
CAPICOM
no verification data KB931906 on 03/03/2008
MSXML4SP2
no verification data KB936181 on 03/03/2008
no verification data KB941833 on 04/03/2008
no verification data KB954430 on 13/11/2008



Software Licenses

Belarc - Advisor 7ec78f52
Corel - QuattroPro $serialno$
Lenovo - MachineInfo LX0BK0K
Microsoft - Internet Explorer 89572-OEM-7332166-00185 (Key: 2WP98-KHTH2-KC7KG-4YR37-H8PHC)e
Microsoft - Windows Vista Home Basic 89572-OEM-7332166-00185 (Key: 2WP98-KHTH2-KC7KG-4YR37-H8PHC)e
Software Versions
Acrobat.com *
Adobe Acrobat Reader Version 5.0.0.0 *
Adobe AIR 1.0.1 Version 1.0.1 *
adobe.exe *
AOL LLC - Country Picker Version 1.7 *
Audacity *
Auslogics - Disk Defrag Version 2.x *
AVG Internet Security Version 8.5.0.408 *
Belarc, Inc. - Advisor Version 7.2x *
C-Media Electronic Inc. - AudioRack Version 1.07b *
C-Media Electronics Inc. - Multi-Channel Audio Demo Version 4, 0, 0, 1 *
Corel Common Framework Version 7.0.0.336 *
Corel Corporation - PerfectScript 13 Version 13.0.0.531 *
Corel Corporation - Presentations™ Version 13.0.0.531 *
Corel Corporation - Quattro Pro® Version 13.0.0.531 *
Corel Corporation - WordPerfect XML Project Designer Version 13.0.0.531 *
Corel Corporation - WordPerfect® Office Version 13.0.0.531 *
Corel Corporation - WordPerfect® Version 13.0.0.531 *
CorelDRAW® Version 11.4.0.531 *
Creative Product Registration Version 2.2.0.0 *
Creative Technology Ltd - PC-CAM Center Version 2.00 *
Creative Technology Ltd - PC-CAM Center Version 2.20 *
Creative Technology Ltd. - WebCam Monitor Version 3.1 *
Diskeeper ™ Disk Defragmenter Version 9.0.545.0 *
DivX Converter Version 7, 1, 0, 124 *
DivX for Windows Installer, L:EN;ES;DE;FR;JA, DivX Codec 6.8.5, DivX Converter 6.6.1, DivX Player 6.8.2, DivX Web Player 1.4.2 Version 6.8.5.11 *
DivX for Windows Installer, L:EN;ES;DE;FR;JA;PT;ZH-CN;ZH-TW, DivX Codec 6.8.5, DivX Converter 7.1.0, DivX Player 7.2.0, DivX H.264 Decoder 1.1.0, DivX AAC Decoder 7.1.0, DivX MKV Splitter 1.0.1, DivX Web Player 1.5.0 Version 10.1.2.26 *
DivX Player Version 7, 2, 0, 19 *
DivXNetworks Inc. - Config App. Version 2, 0, 0, 1 *
ESTsoft - ALZip Version 7.0 *
ESTsoft Corp. - ALTools Updater Version 9, 1, 22, 1 *
Flash Games *
GIMP 2.6.6 *
GSpot Codec Information Appliance Version 2, 7, 0, 1 *
Haali Muxer *
HijackThis *
i.Disk *
IBM - TSS Core Service Version 1,1,3,107 *
LaCieBackup Version 1.5.2378.16573 *
Leader Technologies/Lenovo - PowerRegister Version 1.09 *
Lenovo - Create Recovery Media Version 3,10,109,0 *
LENOVO - Help Center Version 5, 0, 0, 0 *
LENOVO - Message Center Version 3, 0, 0, 0 *
Lenovo Care Version 1.0.0.2 *
Lenovo Group Limited - Client Security Solution Version 8.00.0117.00 *
Lenovo Group Limited - CSSLauncher Version 8.0.8.0 *
Lenovo Group Limited - Maintenance Manager Version 3.0.2.0 *
Lenovo Group Limited - Rescue and Recovery Version 4,0,118,0 *
Lenovo Group Limited - rrservice Module Version 4,0,118,0 *
Lenovo Group Limited - scheduler_proxy Application Version 4,0,504,0 *
Lenovo Group Limited - ThinkVantage System Update Service Version 3.0.23.0 *
Lenovo Group Limited - ThinkVantage Technologies Version 1.20.0301.00 *
Lenovo Group Limited - tvtsched Module Version 4,0,504,0 *
Lexmark International, Inc. - MarkVision for Windows (32 bit) Version 8.29 *
Logitech SetPoint Version 4.60.122 *
Macrovision Corporation - InstallShield Version 11.50 *
Malwarebytes' Anti-Malware Version 1.41 *
Maxtor Corporation - MSS & OneTouch Application Version 2, 2, 0, 6 *
MediaInfo *
Microsoft ® Windows Script Host Version 5.7.0.6000 *
Microsoft Corporation - digital locker assistant Version 1.6.5 *
Microsoft Corporation - Internet Explorer Version 7.00.6000.16386 *
Microsoft Corporation - Windows Defender Version 1.1.1600.0 *
Microsoft Corporation - Windows Installer - Unicode Version 4.5.6002.18005 *
Microsoft Corporation - Windows Live Call Version 14.0.8064.0206 *
Microsoft Corporation - Windows Live Messenger Version 14.0.8064.0206 *
Microsoft Corporation - Windows Live® Photo Gallery Version 14.0.8064 *
Microsoft Corporation - Windows Version 1.0.0.1 *
Microsoft SQL Server Version 9.00.4035.00 *
Microsoft® .NET Framework Version 2.0.50727.4016 *
Microsoft® .NET Framework Version 3.0.4506.4037 *
MONOGRAM GraphStudio Version 0.3.1.0 *
MONOGRAM Multimedia, s.r.o. - DSConfig Version 1.0.0.1 *
Mozilla Corporation - Firefox Version 3.5.3 *
mpc-hc@Sourceforge - Media Player Classic - Homecinema Version 1, 1, 0, 2 *
Piriform Ltd - CCleaner Version 2, 23, 0, 999 *
PSIService Version 2.0.0.1 *
PSP Video Express Version 1.0.0.0 *
rrpservice Module Version 4,0,118,0 *
Safer Networking Limited - Secure Shredder Version 1.9.0.0 *
Safer Networking Limited - Spybot - Search & Destroy Version 1, 5, 2, 0 *
Safer Networking Limited - Spybot - Search & Destroy Version 1, 6, 0, 30 *
Safer Networking Limited - Spybot - Search & Destroy Version 1.6.0.3 *
Safer Networking Limited - SpyBot-S&D Version 1, 6, 2, 0 *
Safer Networking Ltd. - Spybot - Search & Destroy Version 1, 6, 0, 0 *
Seagate Technology LLC - Drive Manager Version 4, 1, 2, 2 *
Seagate Technology LLC - Sync Version 4, 0, 0, 1 *
Setup/Uninstall *
Snelg Enterprises - MP3Gain GUI Version 1.02.0005 *
StatsReader Version 2, 1, 0, 0 *
Sun Microsystems, Inc. - Java™ Platform SE 6 U15 Version 6.0.150.3 *
System Update *
VideoLAN Team - VLC media player Version 0.8.6.0 *
VobSubStrip *
* Click to see where software is installed.
a. Megahertz measurement may be inaccurate if other programs were busy during last analysis.
b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
e. This may be the manufacturer's factory installed product key rather than yours.
-----------------------------------------------------------------------------------


24-Sep-2009, 11:23 AM #2

??? <b.exe> ???...

Now it's morning, and I have had more time to think about this. When I was on the computer about two weeks ago, AVG popped up with a mess. regarding the file <b.exe>. I used AVG to fix; but later I ran across the actual file, <b.exe>. I thought that was strange... but erased it manually and thought nothing more of it...

Till this morning. If I remember correctly, that was just before all this started.

Now I'm beginning to wonder if that file is the culprit or not (I'm no expert).
---------------------------------------------------------------------------------------

25-Sep-2009, 10:20 PM #3
Kaspersky test I did... 1 threat, 26 infections found :(
Did this test (took all day), but here are the results....

-
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 25, 2009
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 25, 2009 22:00:49
Records in database: 2920159
-

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 106047
Threats found: 1
Infected objects found: 26
Suspicious objects found: 0
Scan duration: 04:02:20


File name / Threat / Threats count
wininit.exe\A817D1EA.x86.dll/wininit.exe\A817D1EA.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1
globalroot\Device\__max++>\A817D1EA.x86.dll/globalroot\Device\__max++>\A817D1EA.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 13
services.exe\A817D1EA.x86.dll/services.exe\A817D1EA.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1
svchost.exe\A817D1EA.x86.dll/svchost.exe\A817D1EA.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 8
spoolsv.exe\A817D1EA.x86.dll/spoolsv.exe\A817D1EA.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1
LEXPPS.EXE\A817D1EA.x86.dll/LEXPPS.EXE\A817D1EA.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1
DkService.exe\A817D1EA.x86.dll/DkService.exe\A817D1EA.x86.dll Infected: Trojan-Spy.Win32.Agent.azpj 1

Selected area has been scanned.
-----------------------------------------------------------------------------------


29-Sep-2009, 01:00 AM #4

gooredfix.txt results...


Ps... I ran GooredFix by jpshortstuff (24.09.09.1)

Log created at 21:47 on 28/09/2009 (cje)
Firefox version 3.5.3 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [18:30 30/01/2009]

-=E.O.F=-
---------------------------------------------------------------------------------------------------------
Never got a response on another Help website so the copy paste was too easy...

-Oct 10 2009 -

I just registered for your forum... (#1) Uninstalled Malwarebytes and reinstalled (as admin)... Followed instructions and when Quick scan started, it ran for two seconds and closed... :( Try to run again and get error mess.: <Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item> So I try open as admin..., same mess.

(#2) "Done Cleaning, ATF-Cleaner has freed 36,777 MBs" .. :) * NOTE * Firefox, Opera, and the 'Prefetch' options were inaccessible (grey'd out)??

(#3) Did all items here

(#4) Unchecked :)

(#5) Test complete:

OTL logfile created on: 14/10/2009 4:04:21 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\cje\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 59.72% Memory free
3.12 Gb Paging File | 2.29 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.29 Gb Total Space | 19.44 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 362.28 Gb Free Space | 77.80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-MASTER
Current User Name: cje
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/14 15:57:20 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\cje\Desktop\OTL.exe
PRC - [2009/10/05 23:48:24 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/24 13:17:46 | 00,908,280 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/16 19:57:08 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 19:57:08 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/16 19:57:04 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/16 19:56:26 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/16 19:56:26 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/02/06 19:32:08 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/02 03:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/19 00:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 00:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/10/09 16:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/12/21 19:40:06 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/12/13 23:13:02 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2006/12/13 23:11:14 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/12/13 22:59:04 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/11/19 22:10:04 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006/11/15 16:21:56 | 00,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 16:20:46 | 00,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2003/08/18 03:37:09 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE
PRC - [2003/08/18 03:32:55 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXPPS.EXE
PRC - [2002/06/12 00:23:54 | 01,495,040 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\Windows\mixer.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2009/08/16 19:57:08 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/16 19:57:04 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/03 07:49:06 | 01,029,456 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/29 21:42:10 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/06 19:32:08 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2008/05/02 03:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
SRV - [2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
SRV - [2006/12/21 19:40:06 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
SRV - [2006/12/13 23:13:02 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
SRV - [2006/12/13 23:11:14 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
SRV - [2006/11/19 22:10:04 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
SRV - [2006/11/15 16:20:46 | 00,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/08/18 03:37:09 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/16 19:56:24 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/16 19:56:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/03 07:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009/05/01 23:15:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/02/29 04:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2008/02/29 04:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 04:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 04:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2008/02/29 04:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/01/26 03:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2008/01/18 21:25:04 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Running])
DRV - [2007/05/29 16:14:36 | 00,033,536 | ---- | M] (Lenovo) -- C:\Windows\System32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Running])
DRV - [2007/04/09 09:50:34 | 00,009,600 | ---- | M] (Waytech Development, Inc.) -- C:\Windows\System32\Drivers\UsbFltr.sys -- (UsbFltr [On_Demand | Stopped])
DRV - [2007/03/22 21:47:00 | 07,467,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2007/02/18 22:56:46 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2007/01/09 09:22:28 | 00,006,144 | ---- | M] (Chic) -- C:\Windows\System32\DRIVERS\moufiltr.sys -- (moufiltr [On_Demand | Stopped])
DRV - [2007/01/05 22:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2006/12/13 20:32:08 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])
DRV - [2006/11/09 20:01:54 | 00,307,712 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/11/06 01:23:24 | 00,012,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\DRIVERS\PROCDD.SYS -- (PROCDD [Auto | Running])
DRV - [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 02:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 02:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 02:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 02:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/10/23 14:56:56 | 00,016,192 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\DRIVERS\pelusblf.sys -- (pelusblf [On_Demand | Stopped])
DRV - [2006/10/23 14:55:26 | 00,023,360 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\DRIVERS\pelmouse.sys -- (pelmouse [On_Demand | Stopped])
DRV - [2006/10/18 19:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2003/05/13 19:57:02 | 00,090,357 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\DRIVERS\P1110VID.sys -- (P1110VID [On_Demand | Running])
DRV - [2002/06/11 19:28:50 | 00,379,150 | ---- | M] (C-Media Inc) -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www,google.ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 01:25:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2009/09/20 07:52:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2009/09/20 07:52:10 | 00,000,000 | ---D | M]

[2009/09/20 07:53:30 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Extensions
[2009/09/20 07:53:30 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/14 09:39:37 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Firefox\Profiles\hx7rej8h.default\extensions
[2009/09/20 07:57:22 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Firefox\Profiles\hx7rej8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: (345400 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11842 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] F:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] F:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a74a2f9-1940-11dd-9a79-0019db7f305f}\Shell\enter\command - "" = F:\freeride.exe -- File not found
O33 - MountPoints2\{46bfc615-0e36-11dc-afec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46bfc615-0e36-11dc-afec-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- File not found
O33 - MountPoints2\{c6c3dbeb-6e2d-11de-a5da-0019db7f305f}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c3dbeb-6e2d-11de-a5da-0019db7f305f}\Shell\AutoRun\command - "" = G:\DPFMate.exe -- File not found
O33 - MountPoints2\{dc303d4a-eb1d-11dc-838b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc303d4a-eb1d-11dc-838b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/10 13:05:19 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/10/10 13:04:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/09/23 11:48:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/23 11:48:24 | 00,000,000 | ---D | C] -- C:\Users\cje\AppData\Roaming\Malwarebytes
[2009/09/20 07:52:44 | 00,000,000 | ---D | C] -- C:\Users\cje\AppData\Roaming\Mozilla
[2009/10/14 10:28:10 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/10 13:04:44 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/14 15:20:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/23 17:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/14 15:57:47 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\cje\Desktop\OTL.exe
[2009/10/14 15:29:38 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\cje\Desktop\ATF-Cleaner.exe
[2009/10/14 15:20:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/14 15:20:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/14 08:52:33 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/14 08:52:30 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/14 08:52:22 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/14 08:52:22 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/14 08:52:21 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/14 08:52:19 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/14 08:52:17 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/14 08:52:15 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/10/14 08:52:11 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/14 08:51:54 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/14 08:51:54 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/14 08:51:37 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/14 08:47:06 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/10 13:06:25 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/10/10 13:06:25 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/10/02 23:00:33 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/09/28 21:47:20 | 00,000,000 | ---D | C] -- C:\Users\cje\Desktop\GooredFix Backups
[2009/09/25 14:30:00 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/09/23 11:58:14 | 00,000,000 | ---D | C] -- C:\Desktop
[2009/09/23 11:29:16 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\cje\Desktop\mbam-setup.exe

========== Files - Modified Within 30 Days ==========

[2009/10/14 16:06:08 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job
[2009/10/14 15:57:20 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\cje\Desktop\OTL.exe
[2009/10/14 15:28:57 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\cje\Desktop\ATF-Cleaner.exe
[2009/10/14 15:20:45 | 00,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 14:24:26 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/14 14:24:26 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/14 14:17:57 | 00,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2009/10/14 14:17:56 | 00,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2009/10/14 14:17:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/14 14:16:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/14 09:27:13 | 00,345,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/10/13 23:10:43 | 00,027,033 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/13 23:10:42 | 42,796,740 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/12 20:21:49 | 02,826,352 | -H-- | M] () -- C:\Users\cje\AppData\Local\IconCache.db
[2009/10/12 13:06:02 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/10/10 13:05:09 | 00,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/10 11:55:16 | 00,001,788 | ---- | M] () -- C:\Users\cje\Desktop\HijackThis.lnk
[2009/10/10 10:43:49 | 00,000,622 | ---- | M] () -- C:\Users\cje\Desktop\CCleaner.lnk
[2009/10/07 23:00:47 | 00,345,026 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091014-092713.backup
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/09/30 23:35:50 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/26 16:53:45 | 00,185,344 | ---- | M] () -- C:\Users\cje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 11:29:46 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\cje\Desktop\mbam-setup.exe
[2009/09/23 09:00:12 | 00,336,562 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091007-230047.backup
[2009/09/23 08:56:17 | 00,336,562 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090923-090012.backup
[2009/09/20 21:23:20 | 00,000,504 | ---- | M] () -- C:\Users\cje\Desktop\Ares.lnk
[2009/09/20 07:52:33 | 00,000,664 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/15 06:37:14 | 00,638,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/15 06:37:13 | 00,747,718 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/15 06:37:13 | 00,121,986 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files - No Company Name ==========
[2009/10/14 15:20:45 | 00,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/10 13:07:19 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/10/10 13:05:09 | 00,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/09/23 17:54:09 | 00,001,788 | ---- | C] () -- C:\Users\cje\Desktop\HijackThis.lnk
[2009/09/20 21:23:20 | 00,000,504 | ---- | C] () -- C:\Users\cje\Desktop\Ares.lnk
[2009/09/20 07:52:33 | 00,000,664 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/09/09 21:48:59 | 00,000,760 | ---- | C] () -- C:\Users\cje\AppData\Roaming\setup_ldm.iss
[2009/07/28 11:40:12 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/20 15:49:32 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/20 15:49:24 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/20 15:49:23 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/20 15:49:17 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/03/20 15:49:16 | 00,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/09 12:24:45 | 00,000,091 | ---- | C] () -- C:\Users\cje\AppData\Local\fusioncache.dat
[2008/04/21 17:55:43 | 00,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2008/04/21 17:54:18 | 00,028,145 | ---- | C] () -- C:\Windows\CMIJACK.INI
[2008/04/21 17:54:17 | 00,017,824 | ---- | C] () -- C:\Windows\CMAUDIO.INI
[2008/04/21 17:54:17 | 00,000,411 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2008/04/21 17:54:17 | 00,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI
[2008/04/07 09:55:39 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/10 23:47:50 | 00,025,773 | ---- | C] () -- C:\Users\cje\AppData\Roaming\UserTile.png
[2008/03/04 12:48:05 | 00,185,344 | ---- | C] () -- C:\Users\cje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 12:44:00 | 00,002,516 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/03/04 12:44:00 | 00,000,088 | RHS- | C] () -- C:\Windows\System32\02C8A36D20.sys
[2008/03/03 21:06:28 | 00,107,256 | ---- | C] () -- C:\Users\cje\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/03/03 20:53:31 | 02,826,352 | -H-- | C] () -- C:\Users\cje\AppData\Local\IconCache.db
[2008/03/03 20:53:31 | 00,007,944 | ---- | C] () -- C:\Users\cje\AppData\Local\d3d9caps.dat
[2007/05/29 16:09:25 | 01,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2007/05/29 15:54:51 | 00,006,257 | ---- | C] () -- C:\Windows\System32\Setup2k.ini
[2007/05/29 15:54:51 | 00,000,302 | ---- | C] () -- C:\Windows\System32\presetup.ini
[2007/05/29 15:54:48 | 00,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2006/12/15 04:32:52 | 00,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2006/12/15 04:32:44 | 00,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2006/11/02 05:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 03:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,128 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 01:43:04 | 00,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/04/23 09:36:42 | 00,298,496 | ---- | C] () -- C:\Windows\System32\dbfb.dll
[2003/08/18 03:46:38 | 00,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2002/11/13 08:40:22 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2002/09/13 04:40:06 | 00,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini

========== LOP Check ==========

[2009/09/23 11:48:24 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming
[2009/05/08 10:08:01 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Auslogics
[2008/09/10 09:43:44 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Corel
[2008/04/21 21:59:58 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\dvdcss
[2008/03/12 20:32:37 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\ESTsoft
[2009/05/12 14:40:39 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\gtk-2.0
[2009/08/31 12:17:29 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\InterTrust
[2008/12/09 12:24:16 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\LaCie
[2008/03/03 21:08:17 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Leadertech
[2008/03/03 21:07:19 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Lenovo
[2008/03/10 23:47:50 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\PeerNetworking
[2009/02/26 10:24:43 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Privacy components
[2009/10/12 13:06:02 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/10/14 14:17:19 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/14 14:15:22 | 00,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/14 16:06:08 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

========== Purity Check ==========


< End of report >
-----------------------------

And The Extras:

OTL Extras logfile created on: 14/10/2009 4:04:21 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\cje\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 59.72% Memory free
3.12 Gb Paging File | 2.29 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.29 Gb Total Space | 19.44 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 362.28 Gb Free Space | 77.80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-MASTER
Current User Name: cje
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05191D86-7432-4803-98AA-1A377FF064A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1736A70F-940F-437F-8197-C7A4FE20F543}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55C3F550-BDA7-4A4B-B64E-7558702DF5E1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62810C37-A2D1-4B46-B928-916DA424AFE0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70D2EA0C-366D-48AB-A247-81BFB3EBF8F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D739E71-932C-4515-880B-D4684FA9E4B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88377278-DD86-4ECD-8BB1-39FF41266DE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D868ADA0-57C7-43E3-9999-A50B6CE0A706}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DCC25821-6534-4521-A9C4-7DDC9E7AC102}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E709B08B-9EEE-4F79-912E-BD40DFDAC2BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E89C92DC-0973-4BA3-A869-0CB3B8BE9B21}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065C19EB-862E-4E8A-BFAD-C4EFDDFAFDAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07CE5A23-10C7-4C2B-8120-8F04B65D148A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07E4458D-0526-44EA-9A52-9CDB62AEDF15}" = protocol=6 | dir=out | app=system |
"{0BCCDEC7-9160-4FBB-9AF7-D09EB9BADA90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EF94F4B-7319-4DFC-833B-D3D87E1D4EDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{335EA1D4-91B1-4B34-A665-8A1B3C5A07D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{389EB451-8692-443A-A342-85101320B7D8}" = dir=in | app=f:\program files\avg\avg8\avgupd.exe |
"{4A12F0DE-03C8-4F84-9D4F-E2AB464B40D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E0B686E-70A0-421C-839F-1F1B3276ADFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60E3F3A4-040E-4144-AEFB-AED12FDD789E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C001C29-88EC-418D-B50D-D3C36CE2500D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9C1F178C-0C4B-47A2-BE45-1CC6FA1A3DE4}" = dir=in | app=f:\program files\avg\avg8\avgnsx.exe |
"{B17DA783-9BEF-4307-9799-6C633E55E6A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BCDDD71A-47AE-4183-88BC-C37358582BBF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C86CF742-E6F0-454C-8EF2-1EF17EA418FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5D1EBC5-5EBB-48D0-8062-3FC44F287594}" = dir=in | app=f:\program files\avg\avg8\avgemc.exe |
"{DD6331FB-1FBA-4FD0-BA38-AB495ED44C46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E72428E9-A228-4835-81EB-473A9D7E6566}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{16A99F20-C3B6-4F97-BE9B-BBA4D5B6F18E}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{1FBF0923-BCBC-4816-9ADD-F935BA49581A}F:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=f:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{A2712EA4-97DA-4A5A-99D3-8394596AA25D}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{C2F2541D-58E8-42C3-A098-CF3FAA8DB16C}F:\program files\ares\ares.exe" = protocol=6 | dir=in | app=f:\program files\ares\ares.exe |
"TCP Query User{E188B897-71FD-4B18-9264-B8A098B74DD0}F:\program files\ares\ares.exe" = protocol=6 | dir=in | app=f:\program files\ares\ares.exe |
"UDP Query User{1DD9B949-C0E0-4512-892C-D2EEFBBC70FA}F:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=f:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{4038C903-9956-4908-A62F-C124CAC9BC16}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{5FA7B5C5-5D96-4A36-B6C4-EF80C404D3BE}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{D7F35B64-DE04-43E3-8EA6-7770366AD778}F:\program files\ares\ares.exe" = protocol=17 | dir=in | app=f:\program files\ares\ares.exe |
"UDP Query User{E783EBDE-6914-450B-81CD-D1465D1EA00F}F:\program files\ares\ares.exe" = protocol=17 | dir=in | app=f:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}" = LaCie Backup Software v1.5.2378
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"14E144FD689BCFE1A7AC6368126C1D366579C464" = Windows Driver Package - AnalogDevices (ADIHdAudAddService) MEDIA (11/10/2006 6.10.01.6030)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Ares" = Ares 2.1.1
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"CBA73C95F2C3CA9DD39F168A5EB3BBD5D64B7CEE" = Windows Driver Package - NVIDIA Corporation (nvstor32) SCSIAdapter (12/11/2006 5.10.2600.0930)
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative PC-CAM Center" = Creative PC-CAM Center Lite
"Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX User's Guide English" = Creative WebCam NX User's Guide (English)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E3BE7787A4B378769FEF2ED6DDF8185A13A3DD6F" = Windows Driver Package - NVIDIA (nvlddmkm) Display (12/10/2006 7.15.10.9748)
"ESET Online Scanner" = ESET Online Scanner v3
"Flash Games_is1" = Flash Games 1.0
"HijackThis" = HijackThis 2.0.2
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"PSPVideoExpress" = PSP Video Express(remove only)
"VLC media player" = VideoLAN VLC media player 0.8.6e
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/12/2008 2:00:23 PM | Computer Name = PC-Master | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, time stamp 0x47c5c9c1,
faulting module libvlc.dll, version 0.0.0.0, time stamp 0x47c5c9c1, exception code
0xc0000005, fault offset 0x0001b443, process id 0x51c, application start time 0x01c95edea770c077.

Error - 22/12/2008 1:23:42 PM | Computer Name = PC-Master | Source = Windows Search Service | ID = 3013
Description =

Error - 25/12/2008 5:52:31 AM | Computer Name = PC-Master | Source = VSS | ID = 8194
Description =

Error - 05/01/2009 4:44:53 PM | Computer Name = PC-Master | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, time stamp 0x47c5c9c1,
faulting module libvlc.dll, version 0.0.0.0, time stamp 0x47c5c9c1, exception code
0xc0000005, fault offset 0x0001b812, process id 0x15f8, application start time 0x01c96f7515b72270.

Error - 06/01/2009 2:20:41 PM | Computer Name = PC-Master | Source = Application Hang | ID = 1002
Description = The program PQDVD_PSP.exe version 1.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dd0 Start Time: 01c96ff1a8b599a8 Termination Time: 98

Error - 11/01/2009 9:05:23 PM | Computer Name = PC-Master | Source = Application Hang | ID = 1002
Description = The program MP3GainGUI.exe version 1.2.0.5 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1314 Start Time: 01c97446faaee64b Termination Time: 26

Error - 12/01/2009 3:32:19 PM | Computer Name = PC-Master | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, time stamp 0x47c5c9c1,
faulting module libvlc.dll, version 0.0.0.0, time stamp 0x47c5c9c1, exception code
0xc0000005, fault offset 0x0001b443, process id 0x1500, application start time 0x01c974e4f1cf7400.

Error - 16/01/2009 4:25:03 PM | Computer Name = PC-Master | Source = Application Error | ID = 1000
Description = Faulting application DkService.exe, version 9.0.545.0, time stamp
0x455baedc, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xc0000005, fault offset 0x0004502e, process id 0x438, application
start time 0x01c972ad91a075fb.

Error - 17/01/2009 3:21:37 AM | Computer Name = PC-Master | Source = Application Hang | ID = 1002
Description = The program DivX Player.exe version 6.8.2.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f4c Start Time: 01c97873d1ab33c0 Termination Time: 169

Error - 19/01/2009 4:27:53 AM | Computer Name = PC-Master | Source = Diskeeper | ID = 25
Description = RPC error. Diskeeper failed to connect to the service. Error code
is 1.

[ System Events ]
Error - 13/10/2009 10:32:21 AM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7011
Description =

Error - 14/10/2009 12:05:12 PM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7000
Description =

Error - 14/10/2009 12:05:22 PM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7026
Description =

Error - 14/10/2009 12:05:22 PM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7034
Description =

Error - 14/10/2009 12:05:23 PM | Computer Name = PC-Master | Source = LSM | ID = 1048
Description =

Error - 14/10/2009 12:18:59 PM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7031
Description =

Error - 14/10/2009 5:18:41 PM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7000
Description =

Error - 14/10/2009 5:18:47 PM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7026
Description =

Error - 14/10/2009 5:18:47 PM | Computer Name = PC-Master | Source = Service Control Manager | ID = 7034
Description =

Error - 14/10/2009 5:18:48 PM | Computer Name = PC-Master | Source = LSM | ID = 1048
Description =


< End of report >
------------------------------------------------
I downloaded 'Security Check.exe' and saved to desktop... When I tried to run the error mess. states <C:\Users\cje\Desktop\SecurityCheck.exe is not a valid Win32 application.> ?? :(

-----------------------------------------------------------------------------
Reading a few of the posts lets me find more tests.... :)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=f6bddda36f99d0438e409ac6ea10cb23
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-14 08:10:08
# local_time=2009-10-14 01:10:08 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1026 61 83 97 5691162049056
# compatibility_mode=5889 61 66 100 548226893952564
# scanned=106750
# found=0
# cleaned=0
# scan_time=9365
------------------------------------------------------------------------------------

I am at wits' end, pulling (what little I have left of) hair out.. lol
Seriously though I am at a loss and would appreciate any help given..
Thanks for listening... Chris
LoPhatPhuud
Rename mbam.exe and see if it will run.

Then run combofix per the following. Be sure to rename combofix.exe also before running.


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.
stretch00101
Hi, and thanks for replying to the post...

I tried to rename mbam.exe to something else but the computer will not let me as I 'do not have permission' to perform those actions??!!?.

I'm in process of running Combofix (of which I have renamed <ComboThis.exe> ); after opening, it will find Norton Internet Security; (antivirus and antispyware), *of which I did not know was even there!!*. I do not like Norton, (I think it is a resource hog and would like to uninstall), but I can not find it in the programs and features (uninstall) list. The only way I can find it, is if I use "search" - advanced (looking through non indexed and system files) <C\SWTOOLS> etc...

How can I find an uninstaller (from the internet as I think mine is erased or corrupt) or can I force Norton to open, and / or turn it off?

I hope so ... I will wait a day or two before continuing with combofix...

P.S. Sorry my response took so long, I had an abscessed tooth and was not concerned with the computer for a couple of days. < is better now :) >

Thank you in advance.. C
stretch00101


So when I closed the combofix screen and went out for a smoke, I came back and the test was 2/3rds finished... oops.. now I cannot find the report.. (C:\combofix.txt)

it did erase about 6 or 7 files ( it went through pretty fast ) and reboot the comp. for me.

thought you should know... thanks. C
LoPhatPhuud
Look for the Combofix logs in C:\Combofix\
stretch00101
I looked there, but could not find any such folder (or txt file for that matter)... ??


In <C:> is 1 'file' (labeled as a file) with the name "ComboThis" but if I hover over, it says <Shows the disk drives and hardware connected to this computer>. And if I click on it, it does just that. I thought, since I renamed Combofix .exe to ComboThis .exe (saved on the desktop), maybe this was why it had that name.

I have lost my desktop wallpaper, and cannot replace it... all there is, is a black screen, (and I usually hide the quick launch and desktop icons). I was waiting for 15 min. for the computer to reboot when it was already finished.. :)
I tried to put a new wallpaper but it did nothing.

Any ideas on how to get rid of Norton so I can run the ComboFix test again? To get my (any) desktop wallpaper back? Or otherwise?.?

Thanks C
LoPhatPhuud
For Norton/Symantec removal, always try using Add/Remove Programs first. If that fails, or as a follow up, use the following...

http://service1.symantec.com/SUPPORT/tsgen...v=&osv_lvl=
stretch00101
All I could find in programs and features was : (for N) NVIDIA Drivers [and] (for S) was :SoundMAX [and] Spybot - Search & Destroy.

Thanks for the removal tool... I could not find Norton (or Symantec) listed anywhere, and could not find a (local) uninstaller...

It apparently worked, because when I ran ComboFix (now named : ComboFix ), It asked to be updated, but had no other issues.

Curiously though, the file saved last time I ran the test, (named ComboThis) has been changed to <ComboThis26043C> (still goes to the same place though). Now above it is a new folder named ComboThis; ( I renamed the program to Combofix ???), containing two files <PEV.cfxxe> and <swxcacls.cfxxe>. I thought they would be .txt ? Oh well, would you like me to post both of these? Thanks C { p.s. my time is currently 11:55 p.m. [sat. night] now i get the time difference .... :) }
LoPhatPhuud
Please post the Combofix log from the latest run..
stretch00101
Whenever I click on the previously mentioned files, (saved in C:\ComboThis ) the computer will not let me open/ move / or edit either of them. It only states that <Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item>

The wallpaper has restored itself... but none of the anti spyware programs will run (fully) yet.
C
LoPhatPhuud
The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.
The download is in ISO format.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:
http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

1. Burn the Kaspersky Rescue Disk ISO image to CD.
2. Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
3. Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
4. Select your language (or wait a few seconds for the default English to load).
5. Your screen may go blank for several minutes while the program loads.
6. After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity)
  • Click the Update tab to view the update progress.
  • When the update has completed, click the Scan tab.
7. Place a checkmark in all the available drives to scan the entire system.
8. Click the "Security level" option, and select options.
  • Make sure "All Files" is selected
  • Under "Scan of compound files" ensure all options are selected and click the OK button.
9. Click the "On threat detection" option
  • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".
10. Click the "Start scan" button.
11. When the scan has completed, click the Reports button.
  • Click the Save button, and select your System drive (normally your C: drive)
  • In the "File name" box, name the file krd-log and click the Save button.
  • Click Close to close the Reports window.
12. Click the Exit button to close the Rescue Disk program and confirm.
    In the lower left of the screen, left-click the red K button, select Logout, and confirm.
13. The computer will shut down.
14. Restart the computer and reboot normally.
15. Please post the log (krd-log.txt) in your next reply.
stretch00101
THANK YOU !!! For the Kaspersky Rescue Disk...

I ran the ISO disk as per instruction, the program ran for 14 hours and 23 min! It found and removed a trojan, and my computer appears to be clean?!?

I looked for the log file I saved (krd-log) on C:/ but could not find it???
Tried to do the search feature but did not find even if hidden / system file etc...

So I ran Spybot... everything worked, including the test, (which came up 'clean').
Disk Cleanup, CCleaner, and AdAware all ran fine and clean...
When I tried to run HijackThis it still states I do not have "permissions".
MSN Messenger will now stay open!!
All other programs I have tried so far, (except HJT), have worked properly.. :)

The last test I ran was Malwarebytes, which found and removed an additional trojan...
test results (from malwarebytes) as follows
---------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 3120
Windows 6.0.6002 Service Pack 2

07/11/2009 9:50:56 PM
mbam-log-2009-11-07 (21-50-56).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 228379
Time elapsed: 1 hour(s), 22 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------------------------------------------------------------------------------------------------------------------

Incidentally, I tried to uninstall HijackThis (In Programs and Features) but was unable to. Again telling me that I do not have the appropriate permissions to uninstall, please contact my administrator.(??)
When I boot the computer, I sign in as admin, and have no other user profiles on this machine... That confuses me.

So, one last request, how do I uninstall HijackThis from this machine; since it is useless if it will not run.

Again thank you for the boot disk (ISO) it (seems to have) worked well. ... :) C.
LoPhatPhuud
Let's take a look in more depth before we sign off. (We can also use this program to remove HiJackThis).

Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
  • Do not TOUCH your keyboard until the scan completes!
  • It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Please copy/paste the following into your post (in order):
  • the contents of OTL.txt
  • the contents of Extras.txt

Please do NOT use the Attachment feature, despite what you might see in any of the above TXT files!



stretch00101
ok no problem... couple ?'s though...

I have OTL.exe on the desktop, (as well as OTL.txt and Extras.txt), is this one ok to use (I will move the existing save files somewhere else with a date so as to not post the older one); or should I just get a fresh copy of the program?

When you say to close all items on the taskbar, does this include Defender, AVG, windows update; (which still will not download and / or RUN the windows malicious software removal tool for Oct. never mind Nov.), Messenger and the like? Meaning the icons beside the clock... And I suppose it would not be a good thing to have background scheduled tasks (eg. AVG sched. scan) run during this test, ( I will pick a different time anyways)
LoPhatPhuud
You can use the OTL you have installed.

Closing open Windows only refers to items in the Task Bar itself, not in the notification area.
stretch00101
O.k. , I did the test and got the test results (there was no 'Extras.txt' to save???). This is the result for OTL.exe...

OTL logfile created on: 11/11/2009 5:15:03 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\cje\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.44 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 53.77% Memory free
3.12 Gb Paging File | 2.33 Gb Available in Paging File | 74.59% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.29 Gb Total Space | 18.16 Gb Free Space | 25.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 360.31 Gb Free Space | 77.38% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-MASTER
Current User Name: cje
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/10 02:22:03 | 02,016,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/07 14:35:08 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/11/07 13:08:57 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/07 13:08:57 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/07 13:08:57 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/07 13:08:57 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/07 13:08:57 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/07 13:08:56 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/14 14:57:20 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\cje\Desktop\OTL.exe
PRC - [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/10 22:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/10 22:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/02/06 18:32:08 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/03/04 09:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/18 23:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/18 23:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/10/09 15:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/09/26 16:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/12/21 18:40:06 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/12/13 22:13:02 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2006/12/13 22:11:14 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/12/13 21:59:04 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/11/19 21:10:04 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006/11/15 15:21:56 | 00,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 15:20:46 | 00,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2003/08/18 02:37:09 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE
PRC - [2003/08/18 02:32:55 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXPPS.EXE
PRC - [2003/06/26 03:02:00 | 00,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe
PRC - [2002/06/11 23:23:54 | 01,495,040 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\Windows\mixer.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/11/07 14:35:08 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/11/07 13:08:57 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc [Auto | Running])
SRV - [2009/11/07 13:08:56 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd [Auto | Running])
SRV - [2009/09/24 17:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache [On_Demand | Stopped])
SRV - [2009/04/10 22:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/03/29 20:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/29 20:42:10 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/18 10:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/18 10:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 10:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/06 18:32:08 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2008/03/04 09:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2008/01/18 23:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/18 23:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2007/10/09 15:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
SRV - [2007/09/26 16:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
SRV - [2006/12/21 18:40:06 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
SRV - [2006/12/13 22:13:02 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
SRV - [2006/12/13 22:11:14 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
SRV - [2006/11/19 21:10:04 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
SRV - [2006/11/15 15:20:46 | 00,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/08/18 02:37:09 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/11/10 02:22:00 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/11/07 13:09:42 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/11/07 13:09:42 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/03 06:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/02/29 03:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 03:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/01/26 02:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2008/01/18 20:25:04 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Running])
DRV - [2007/05/29 15:14:36 | 00,033,536 | ---- | M] (Lenovo) -- C:\Windows\System32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Running])
DRV - [2007/04/09 08:50:34 | 00,009,600 | ---- | M] (Waytech Development, Inc.) -- C:\Windows\System32\Drivers\UsbFltr.sys -- (UsbFltr [On_Demand | Stopped])
DRV - [2007/03/22 20:47:00 | 07,467,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2007/02/18 21:56:46 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2007/01/09 08:22:28 | 00,006,144 | ---- | M] (Chic) -- C:\Windows\System32\DRIVERS\moufiltr.sys -- (moufiltr [On_Demand | Stopped])
DRV - [2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2006/12/13 19:32:08 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])
DRV - [2006/11/09 19:01:54 | 00,307,712 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/11/06 00:23:24 | 00,012,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\DRIVERS\PROCDD.SYS -- (PROCDD [Auto | Running])
DRV - [2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 01:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 01:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 01:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/10/23 13:56:56 | 00,016,192 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\DRIVERS\pelusblf.sys -- (pelusblf [On_Demand | Stopped])
DRV - [2006/10/23 13:55:26 | 00,023,360 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\DRIVERS\pelmouse.sys -- (pelmouse [On_Demand | Stopped])
DRV - [2006/10/18 18:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2003/05/13 18:57:02 | 00,090,357 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\DRIVERS\P1110VID.sys -- (P1110VID [On_Demand | Running])
DRV - [2002/06/11 18:28:50 | 00,379,150 | ---- | M] (C-Media Inc) -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 00:25:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/10 08:01:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2009/09/20 07:52:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2009/09/20 07:52:10 | 00,000,000 | ---D | M]

[2009/09/20 06:53:30 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Extensions
[2009/09/20 06:53:30 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 18:17:45 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Firefox\Profiles\hx7rej8h.default\extensions
[2009/09/20 06:57:22 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\mozilla\Firefox\Profiles\hx7rej8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: (351990 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 12068 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [combofix] C:\ComboThis26043C\CF24323.exe ()
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/07 14:33:49 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/11/07 13:08:52 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/07 13:43:31 | 00,000,000 | ---D | C] -- C:\Users\cje\AppData\Roaming\AVG9
[2009/11/06 09:29:30 | 00,000,000 | ---D | C] -- C:\Users\cje\AppData\Roaming\ImgBurn
[2009/10/14 09:28:10 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/07 14:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/11/08 01:36:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/07 11:51:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/11 16:20:33 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/11 16:20:15 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/09 21:49:23 | 00,000,000 | ---D | C] -- C:\Users\cje\Desktop\NOV2009FixTXTs
[2009/11/08 01:35:17 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/11/08 01:35:15 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/08 01:35:13 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/07 20:15:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/07 20:15:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/07 14:35:36 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/11/07 13:09:52 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/07 12:12:27 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/11/07 12:12:26 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/11/07 12:12:26 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/11/07 12:12:26 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/11/07 12:12:26 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/11/07 12:12:25 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/11/07 12:12:25 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/11/07 12:12:24 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/11/07 12:12:23 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/11/07 12:12:23 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/11/07 12:12:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/11/07 12:12:22 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/11/07 12:12:22 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/11/07 12:12:22 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/11/07 12:12:22 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/11/07 12:12:21 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/11/07 12:12:21 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/11/07 12:12:20 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/11/07 12:10:15 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/11/07 12:10:14 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/11/07 12:10:14 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/11/07 12:10:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/11/07 12:10:13 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/11/07 12:10:13 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/11/07 12:10:13 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/11/07 12:10:13 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/11/07 12:10:13 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/11/07 12:10:13 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/11/07 12:10:12 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/11/07 12:10:11 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/11/07 12:10:11 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/11/07 12:10:11 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/11/07 12:10:10 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/11/07 12:10:10 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/11/07 12:10:10 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/11/07 12:10:10 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/11/07 12:10:09 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/11/07 12:10:09 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/11/07 12:10:08 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/11/07 12:10:08 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/11/07 12:10:08 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/11/07 12:10:08 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/11/07 12:10:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/11/07 12:10:05 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/11/07 12:10:05 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/11/07 12:10:05 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/11/07 12:10:05 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/11/07 12:10:05 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/11/07 12:10:05 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/11/07 12:10:04 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/11/07 12:10:04 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/11/07 11:44:56 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/07 11:44:55 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/07 11:44:54 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/07 11:44:16 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/11/07 11:44:15 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/11/07 11:44:15 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/07 11:44:15 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/07 11:44:14 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/07 11:44:14 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/07 11:44:13 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/07 11:44:13 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/07 11:44:13 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/07 11:44:13 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/07 11:44:13 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/07 11:44:13 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/07 11:44:13 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/07 11:44:13 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/07 11:44:12 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/07 11:44:12 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/07 11:44:12 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/07 11:44:12 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/07 11:44:12 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/07 11:44:12 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/07 11:44:12 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/07 11:44:12 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/07 11:44:11 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/07 11:44:11 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/07 11:44:11 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/07 11:44:11 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/07 11:44:11 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/07 11:43:40 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/11/07 11:43:40 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/07 11:43:40 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/07 11:43:36 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/07 11:43:34 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/11/07 11:43:34 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/07 11:43:34 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/07 11:43:34 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/07 11:43:34 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/07 11:43:34 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/07 11:43:34 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/11/07 11:43:33 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/07 11:42:13 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/07 11:42:13 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/11/07 11:42:13 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/27 23:39:04 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/27 23:39:01 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/27 23:38:59 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/24 21:52:29 | 00,000,000 | --SD | C] -- C:\ComboThis26043C
[2009/10/24 21:17:05 | 00,793,200 | ---- | C] (Symantec Corporation) -- C:\Users\cje\Desktop\Norton_Tool.exe
[2009/10/22 22:40:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/22 22:40:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/22 22:40:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/22 22:40:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/22 22:40:22 | 00,000,000 | --SD | C] -- C:\ComboThis
[2009/10/22 20:58:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/22 20:11:53 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/21 00:39:36 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/21 00:39:36 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/21 00:39:36 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/21 00:39:36 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/21 00:39:02 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/21 00:39:02 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/21 00:39:02 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/21 00:38:30 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/21 00:38:30 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/20 20:08:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/20 20:08:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/20 20:08:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/14 14:57:47 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\cje\Desktop\OTL.exe
[2009/10/14 14:29:38 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\cje\Desktop\ATF-Cleaner.exe
[2009/10/14 07:52:33 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/14 07:52:30 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/14 07:51:54 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/14 07:51:54 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/14 07:51:37 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/14 07:47:06 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

========== Files - Modified Within 30 Days ==========

[2009/11/11 17:01:30 | 00,747,718 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/11 17:01:30 | 00,638,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/11 17:01:30 | 00,121,986 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/11 16:55:50 | 00,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2009/11/11 16:55:50 | 00,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2009/11/11 16:55:44 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 16:55:44 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 16:55:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/11 16:55:24 | 00,387,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/11 16:55:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/11 02:38:30 | 44,947,123 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/11 02:37:53 | 00,088,832 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/10 18:00:43 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job
[2009/11/10 08:00:00 | 02,959,118 | -H-- | M] () -- C:\Users\cje\AppData\Local\IconCache.db
[2009/11/10 07:24:46 | 00,211,968 | ---- | M] () -- C:\Users\cje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 02:22:00 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/09 13:06:24 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/07 20:15:25 | 00,000,530 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 14:33:45 | 00,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/07 13:09:42 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/07 13:09:42 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/07 13:09:35 | 00,001,657 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/07 13:09:27 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/07 13:09:27 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/07 11:46:34 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/07 09:58:13 | 00,000,622 | ---- | M] () -- C:\Users\cje\Desktop\CCleaner.lnk
[2009/11/07 01:34:52 | 00,351,990 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/06 09:14:02 | 00,000,606 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/24 21:50:32 | 03,365,061 | R--- | M] () -- C:\Users\cje\Desktop\ComboFix.exe
[2009/10/24 21:17:11 | 00,793,200 | ---- | M] (Symantec Corporation) -- C:\Users\cje\Desktop\Norton_Tool.exe
[2009/10/22 23:22:20 | 00,348,488 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091107-013452.backup
[2009/10/22 14:45:24 | 00,103,193 | ---- | M] () -- C:\Users\cje\Documents\NeedleDowntown.xps
[2009/10/22 08:16:56 | 00,348,488 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091023-002220.backup
[2009/10/21 02:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/21 00:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/14 15:41:57 | 00,000,000 | ---- | M] () -- C:\Users\cje\Desktop\SecurityCheck.exe
[2009/10/14 14:57:20 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\cje\Desktop\OTL.exe
[2009/10/14 14:28:57 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\cje\Desktop\ATF-Cleaner.exe
[2009/10/14 08:27:13 | 00,345,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091022-091656.backup

========== Files - No Company Name ==========
[2009/11/07 20:15:25 | 00,000,530 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 14:33:45 | 00,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/11/07 13:09:35 | 00,001,657 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/07 12:12:23 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/11/07 11:46:34 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/06 09:14:02 | 00,000,606 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/10/22 22:40:34 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/22 22:40:34 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/22 22:40:34 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/22 22:40:34 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/22 18:47:32 | 03,365,061 | R--- | C] () -- C:\Users\cje\Desktop\ComboFix.exe
[2009/10/22 14:45:21 | 00,103,193 | ---- | C] () -- C:\Users\cje\Documents\NeedleDowntown.xps
[2009/10/14 15:42:38 | 00,000,000 | ---- | C] () -- C:\Users\cje\Desktop\SecurityCheck.exe
[2009/09/09 20:48:59 | 00,000,760 | ---- | C] () -- C:\Users\cje\AppData\Roaming\setup_ldm.iss
[2009/07/28 10:40:12 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/20 14:49:32 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/20 14:49:24 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/20 14:49:23 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/20 14:49:17 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/03/20 14:49:16 | 00,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/09 11:24:45 | 00,000,091 | ---- | C] () -- C:\Users\cje\AppData\Local\fusioncache.dat
[2008/04/21 16:55:43 | 00,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2008/04/21 16:54:18 | 00,028,145 | ---- | C] () -- C:\Windows\CMIJACK.INI
[2008/04/21 16:54:17 | 00,017,824 | ---- | C] () -- C:\Windows\CMAUDIO.INI
[2008/04/21 16:54:17 | 00,000,411 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2008/04/21 16:54:17 | 00,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI
[2008/04/07 08:55:39 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/10 22:47:50 | 00,025,773 | ---- | C] () -- C:\Users\cje\AppData\Roaming\UserTile.png
[2008/03/04 11:48:05 | 00,211,968 | ---- | C] () -- C:\Users\cje\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 11:44:00 | 00,002,516 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/03/04 11:44:00 | 00,000,088 | RHS- | C] () -- C:\Windows\System32\02C8A36D20.sys
[2008/03/03 20:06:28 | 00,107,256 | ---- | C] () -- C:\Users\cje\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/03/03 19:53:31 | 02,959,118 | -H-- | C] () -- C:\Users\cje\AppData\Local\IconCache.db
[2008/03/03 19:53:31 | 00,007,944 | ---- | C] () -- C:\Users\cje\AppData\Local\d3d9caps.dat
[2007/05/29 15:09:25 | 01,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2007/05/29 14:54:51 | 00,006,257 | ---- | C] () -- C:\Windows\System32\Setup2k.ini
[2007/05/29 14:54:51 | 00,000,302 | ---- | C] () -- C:\Windows\System32\presetup.ini
[2007/05/29 14:54:48 | 00,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2006/12/15 03:32:52 | 00,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2006/12/15 03:32:44 | 00,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2006/11/02 04:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 02:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:23:31 | 00,000,128 | ---- | C] () -- C:\Windows\win.ini
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/08/18 02:46:38 | 00,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2002/11/13 07:40:22 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2002/09/13 03:40:06 | 00,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini

========== LOP Check ==========

[2009/11/07 13:43:31 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming
[2009/05/08 09:08:01 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Auslogics
[2009/11/07 13:43:31 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\AVG9
[2008/09/10 08:43:44 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Corel
[2008/04/21 20:59:58 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\dvdcss
[2008/03/12 19:32:37 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\ESTsoft
[2009/05/12 13:40:39 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\gtk-2.0
[2009/11/06 09:40:56 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\ImgBurn
[2009/08/31 11:17:29 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\InterTrust
[2008/12/09 11:24:16 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\LaCie
[2008/03/03 20:08:17 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Leadertech
[2008/03/03 20:07:19 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\Lenovo
[2008/03/10 22:47:50 | 00,000,000 | ---D | M] -- C:\Users\cje\AppData\Roaming\PeerNetworking
[2009/11/09 13:06:24 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/11/11 16:55:39 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/11 16:53:01 | 00,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/10 18:00:43 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

========== Purity Check ==========


< End of report >
LoPhatPhuud
OK, looks good. A little cleanup and we are done.

First:
Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [combofix] C:\ComboThis26043C\CF24323.exe ()
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log



Second:
Click Start, then click Run.
Enter into the command box that opens: combofix /u and then click OK.
stretch00101
Done part one.... here are the results... :

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
C:\ComboThis26043C\CF24323.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: cje
->Temp folder emptied: 704 bytes
File delete failed. C:\Users\cje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 106531 bytes
->Java cache emptied: 19560927 bytes
->FireFox cache emptied: 40193749 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.12 mb


OTL by OldTimer - Version 3.0.21.0 log created on 11122009_084908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
--------------------------------------------------------------------------------------------------------
end of part one... now (after I post this) I will do part two...

CJE. :)
stretch00101
Ok for part two... the computer states:
< Windows cannot find 'combofix'. Make sure you typed the name correctly, and try again. >

If I use search to find <combofix > it is still on the desktop, (combofix.exe), but this command prompt < combofix /u > would not work?

Is this right?

Thanks for all your help !!!! :) Chris
LoPhatPhuud
Just making sure that Combofix was not installed. The previous OTL log showed a startup entry for it. Go ahead and delete otl.exe and the logs. That's all, we're finished.
stretch00101
I saw that in the startup list as well... (meant to ask about), anyways thanks for all your help.
Will definitely recommend this site for help in the future and, since everyone I know brings their computer to me to fix, I will probably be back myself.

Again thanks so much. Chris.