Posts posted by aidomagoo
OK, here goes. I did run MBAM a few days ago, before running all of the checks and programmes you recommended here, and it successfully removed one piece of malware; Ad-Aware also picked up a Win32.Backdoor.Agent:
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
This is the current MBAM log from my latest scan, after following your advice:
Malwarebytes' Anti-Malware 1.37
Database version: 2270
Windows 6.0.6001 Service Pack 1
13/06/2009 09:32:18
mbam-log-2009-06-13 (09-32-18).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 252734
Time elapsed: 1 hour(s), 17 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
This is my Rooter log:
Rooter.exe (v1.0) by Eric_71
¨
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
32_bits - x86 Family 16 Model 2 Stepping 2, AuthenticAMD
¨
C:\ [Fixed-NTFS] .. ( Total:466418 Mo - Free:317745 Mo )
D:\ [Fixed-NTFS] .. ( Total:10519 Mo - Free:1437 Mo )
E:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
K:\ [CD_Rom]
¨
Scan : 11:22.32
Path : C:\Users\Aido\Desktop\Rooter.exe
User : Aido ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [system Process] (0)
Locked System (4)
______ C:\Windows\system32\csrss.exe (580)
______ C:\Windows\system32\wininit.exe (628)
______ C:\Windows\system32\csrss.exe (640)
______ C:\Windows\system32\services.exe (676)
______ C:\Windows\system32\lsass.exe (688)
______ C:\Windows\system32\lsm.exe (704)
______ C:\Windows\system32\winlogon.exe (832)
______ C:\Windows\system32\svchost.exe (924)
______ C:\Windows\system32\svchost.exe (988)
______ ?? (1080)
______ C:\Windows\system32\svchost.exe (1144)
______ C:\Windows\System32\svchost.exe (1160)
______ C:\Windows\System32\svchost.exe (1220)
______ C:\Windows\System32\svchost.exe (1268)
______ C:\Windows\system32\svchost.exe (1284)
Locked audiodg.exe (1424)
______ C:\Windows\system32\SLsvc.exe (1456)
______ C:\Windows\system32\svchost.exe (1564)
______ C:\Windows\system32\svchost.exe (1876)
______ C:\Windows\system32\TDSupportApp\cdrom_mon.exe (552)
______ C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe (572)
______ C:\Windows\system32\svchost.exe (1704)
______ C:\Windows\system32\svchost.exe (1744)
______ C:\Windows\System32\svchost.exe (1640)
______ C:\Windows\system32\SearchIndexer.exe (1780)
______ C:\Windows\system32\WUDFHost.exe (1388)
______ C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2112)
______ C:\Windows\system32\wbem\wmiprvse.exe (2608)
______ ?? (3412)
______ c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (3104)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (3296)
______ C:\Program Files\Windows Live\Messenger\usnsvc.exe (2148)
______ C:\Windows\system32\taskeng.exe (2788)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (4884)
______ C:\Windows\system32\wbem\unsecapp.exe (5092)
______ C:\Windows\system32\Dwm.exe (3268)
______ C:\Windows\System32\rundll32.exe (4124)
______ C:\Windows\explorer.exe (3880)
______ C:\Program Files\Mozilla Firefox\firefox.exe (1492)
______ C:\Windows\system32\taskeng.exe (5776)
______ C:\Program Files\ZTE Mobile Connection\Datacard.exe (3828)
______ C:\Windows\system32\SearchProtocolHost.exe (4800)
______ C:\Windows\system32\SearchFilterHost.exe (856)
______ C:\Users\Aido\Desktop\Rooter.exe (2696)
______ C:\Windows\servicing\TrustedInstaller.exe (6056)
______ C:\Windows\system32\wbem\wmiprvse.exe (3124)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:489075116544)
\Device\Harddisk0\Partition2 (Start_Offset:489075148800 | Length:11030100480)
¨
----------------------\\ Scheduled Tasks
¨
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 11:23.02
¨
C:\Rooter$\Rooter_1.txt - (13/06/2009 | 11:23.03)
This is my OTL log:
OTL logfile created on: 13/06/2009 11:25:37 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Aido\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.40% Memory free
4.00 Gb Paging File | 3.97 Gb Available in Paging File | 99.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.49 Gb Total Space | 310.30 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 10.27 Gb Total Space | 1.40 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SMEXUAL
Current User Name: Aido
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Windows\system32\TDSupportApp\cdrom_mon.exe ()
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ZTE Mobile Connection\Datacard.exe (ZTE Corporation)
PRC - C:\Users\Aido\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Autorun CDROM Monitor [Auto | Running]) -- C:\Windows\system32\TDSupportApp\cdrom_mon.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (DTSRVC [Auto | Running]) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (idsvc [unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [On_Demand | Stopped]) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (Afc [On_Demand | Running]) -- C:\Windows\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdGuard [system | Running]) -- C:\Windows\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [system | Running]) -- C:\Windows\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (Inspect [system | Running]) -- C:\Windows\system32\DRIVERS\inspect.sys (COMODO)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (PdiPorts [On_Demand | Running]) -- C:\Windows\System32\Drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SNP2UVC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\snp2uvc.sys ()
DRV - (sptd [boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (xusb21 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV - (ZTEusbmdm6k [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys (ZTE Corporation)
DRV - (ZTEusbnmea [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ZTEusbnmea.sys (ZTE Corporation)
DRV - (ZTEusbser6k [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ZTEusbser6k.sys (ZTE Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/13 00:46:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/13 00:46:14 | 00,000,000 | ---D | M]
[2008/07/04 22:29:24 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Extensions
[2008/07/04 22:29:24 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/12 13:58:47 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Firefox\Profiles\ytzkuizv.default\extensions
[2009/06/11 09:12:00 | 00,000,000 | ---D | M] -- C:\Users\Aido\AppData\Roaming\mozilla\Firefox\Profiles\ytzkuizv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/07/05 12:28:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 00:46:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/13 00:46:08 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 00:46:08 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 14:11:51 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (307145 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" (OsdMaestro)
O4 - HKLM..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" ()
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/04 21:11:16 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\Shell - "" = AutoRun
O33 - MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\Shell - "" = AutoRun
O33 - MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\Shell - "" = AutoRun
O33 - MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\Shell - "" = AutoRun
O33 - MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\Shell - "" = AutoRun
O33 - MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/13 11:24:39 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
========== Files/Folders - Created Within 30 Days ==========
[2009/06/13 11:24:03 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Aido\Desktop\OTL.exe
[2009/06/13 11:23:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/13 11:22:01 | 00,128,933 | ---- | C] (Eric_71) -- C:\Users\Aido\Desktop\Rooter.exe
[2009/06/13 02:05:34 | 00,000,000 | ---D | C] -- C:\Users\Aido\Desktop\anti spyware
[2009/06/13 02:01:41 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/06/13 02:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/12 05:11:40 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/06/12 05:11:39 | 00,000,068 | -H-- | C] () -- C:\aaw7boot.cmd
[2009/06/11 09:17:56 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/06/11 09:17:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/06/11 09:17:37 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/11 09:11:14 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/11 09:11:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/06/11 09:11:01 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/06/11 01:14:08 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/11 01:14:02 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/11 01:13:55 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/11 01:13:25 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/11 01:13:22 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/11 01:13:20 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/11 01:13:19 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/11 01:13:18 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/11 01:13:18 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/11 01:13:17 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/11 01:13:16 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/11 01:13:15 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/11 01:13:14 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/11 01:13:14 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/11 01:13:13 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/06/11 01:13:11 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/11 01:13:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/11 01:13:07 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/11 00:15:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/10 18:14:13 | 00,000,000 | ---D | C] -- C:\Users\Aido\AppData\Roaming\Malwarebytes
[2009/06/10 18:13:28 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/10 18:13:20 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/10 18:13:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/10 18:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/10 07:08:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/06/10 07:08:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/18 22:45:53 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2009/05/18 22:45:30 | 00,061,440 | ---- | C] (Windswept Software) -- C:\Windows\System32\digitbox.ocx
[2009/05/18 22:45:20 | 00,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2009/05/18 22:45:13 | 00,000,000 | ---D | C] -- C:\Program Files\Alarm
[2009/05/18 22:44:25 | 00,000,000 | ---D | C] -- C:\Users\Aido\Desktop\Alarm
[2009/05/18 22:43:39 | 00,696,290 | ---- | C] () -- C:\Users\Aido\Desktop\Alarm.zip
[2009/05/17 21:49:28 | 00,101,120 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2009/05/17 21:49:28 | 00,101,120 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2009/05/17 21:49:28 | 00,101,120 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2009/05/17 21:49:22 | 00,000,000 | ---D | C] -- C:\Windows\System32\SupportApp
[2009/05/17 21:49:18 | 00,001,521 | ---- | C] () -- C:\Users\Public\Desktop\ZTE Mobile Connection.lnk
[2009/05/17 21:49:18 | 00,000,000 | ---D | C] -- C:\Program Files\ZTE Mobile Connection
[2009/05/17 21:47:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\TDSupportApp
[2009/04/15 00:05:22 | 00,000,071 | ---- | C] () -- C:\Windows\wininit.ini
[2009/02/06 17:15:26 | 00,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008/10/03 22:52:46 | 00,000,684 | ---- | C] () -- C:\Windows\Sof.INI
[2008/09/30 16:57:33 | 00,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2008/09/30 15:30:08 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/09/25 20:36:28 | 00,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/09/25 20:36:27 | 09,611,520 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/09/25 20:36:27 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008/09/25 20:36:27 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/09/25 20:36:27 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/07/02 18:40:01 | 00,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2008/01/04 20:45:10 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/01/04 20:45:10 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Files - Modified Within 30 Days ==========
[2009/06/13 11:24:03 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Aido\Desktop\OTL.exe
[2009/06/13 11:22:02 | 00,128,933 | ---- | M] (Eric_71) -- C:\Users\Aido\Desktop\Rooter.exe
[2009/06/13 10:15:27 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/13 10:15:27 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/13 09:55:45 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/13 09:55:45 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/13 09:55:45 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/12 09:34:25 | 00,000,522 | ---- | M] () -- C:\Users\Aido\Documents\My Sharing Folders.lnk
[2009/06/12 05:11:39 | 00,000,068 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/06/11 12:15:36 | 00,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2009/06/11 12:15:28 | 00,306,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/11 12:15:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/11 12:15:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/11 09:20:19 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/11 09:16:54 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/06/11 09:16:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/06/10 17:52:02 | 00,307,145 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/06/01 17:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/18 22:43:55 | 00,696,290 | ---- | M] () -- C:\Users\Aido\Desktop\Alarm.zip
[2009/05/17 21:49:29 | 00,001,521 | ---- | M] () -- C:\Users\Public\Desktop\ZTE Mobile Connection.lnk
< End of report >
Last is the OTL extras log:
OTL Extras logfile created on: 13/06/2009 11:25:37 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Aido\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.40% Memory free
4.00 Gb Paging File | 3.97 Gb Available in Paging File | 99.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.49 Gb Total Space | 310.30 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 10.27 Gb Total Space | 1.40 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SMEXUAL
Current User Name: Aido
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
{0561B9D6-0E72-48A4-A46E-2CD786BE34B3} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{0C700EF5-2357-475F-92A7-9F0659F1D5AD} = LPORT=554 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{0E5B6625-9D3C-423E-977C-DE3D40BFBD2C} = RPORT=139 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{10F9DEA5-A5FE-41D7-8041-B3668FB35975} = LPORT=554 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{131E730A-5A51-43AC-9FD5-91CC1C075E3B} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{185E2551-B34C-4E4C-BAC5-303549DDD48B} = LPORT=137 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |
{1B67885D-8D73-4BF8-8F9B-0F258281E760} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{1B71C9C1-01CC-4A7D-A9B5-D38D47CFAD54} = LPORT=138 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |
{22079E2B-D33D-4A3B-B8A5-19D889338A03} = LPORT=10244 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{2390AA1D-684D-4950-8B9E-9338108F9DDC} = RPORT=445 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{2AA0FC7E-761D-4B3C-8FBB-013B53199E72} = RPORT=138 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |
{2CDF8CBF-970B-48E5-932B-D5C114B1E7C0} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{2D22128F-D55B-43B2-8596-D9683B2654B3} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{2E754DC0-E39C-487B-92A6-478DD74783B2} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{37E2013B-7970-4DB0-AA5F-815B18A35277} = LPORT=3390 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{3B20B203-61B2-44D1-966F-721F7954AADC} = LPORT=7777 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{51271D12-57A0-4FCF-BC41-688F84087C8D} = LPORT=445 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{5665F234-12F5-4A05-88BF-BE546E4C3DAC} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{58DB101E-EA79-467F-B595-90D13E6CC6E3} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{5D7BB03E-C836-4555-8CC4-93E052C76D99} = RPORT=10244 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{61C7130C-A2DC-4247-9B6B-02C6C802F0F3} = LPORT=3724 | PROTOCOL=6 | DIR=IN | NAME=BLIZZARD DOWNLOADER: 3724 |
{62BA33C2-B888-4921-A737-26188AAE2030} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{65E6D069-178C-43E9-A082-AEBDF7358E36} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{6C53CD21-E6AD-4ABE-8BEB-F227723D3F22} = RPORT=10243 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{76B23213-9AAF-4123-AF8A-25AFC2880A96} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{78D90BFE-75F4-4202-B33D-B359EB1B2326} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{7C42F18E-0525-46B7-B2BD-7C67693059D6} = LPORT=139 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{8655AB49-DB92-43F0-8E93-3CCF0672E72B} = RPORT=137 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |
{86DC5881-D4ED-4DB8-BC88-5EE0FDF435A0} = LPORT=RPC-EPMAP | PROTOCOL=6 | DIR=IN | [email protected],-28539 | SVC=RPCSS |
{89AD44E5-EA2B-4108-A2CF-DF82A5DA0E23} = LPORT=7777 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{9A223234-56CF-4697-A801-3357AA961442} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{9C0DAA7F-A306-4D2B-8B8D-BB0147C9BD1C} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{9CE2FF49-6BB9-45C2-AA6A-1F8B0CB7B833} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |
{A1E6FB3D-7F8F-4318-886F-F234972E518C} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{A252831D-3DCC-4F5D-AC1E-73C5F0212D03} = LPORT=3390 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{A5C4183E-8AAB-4D35-8B35-114766BC2D1D} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{A60B7FBF-9CA4-47E1-84D6-36221175D41C} = LPORT=RPC | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{BB0011F9-D318-4CAF-A210-8FE7DD8FDCC2} = LPORT=10243 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{BDD78C3F-41D2-44CB-A7E8-98F4E17709B6} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{D00EB450-2595-4747-A51B-975E321FD363} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{DC9FB577-0C1C-4E23-8625-7609FB76767E} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{E9F03E2C-E123-4044-9A24-AC63A9C567AD} = RPORT=10244 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{ED520B2D-F08A-4118-A475-845456C785A2} = LPORT=10244 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{FC2F0C9C-1237-4290-BE2F-98C00005ACE9} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
========== Vista Active Application Exception List ==========
{0C1E5567-6AAB-4676-A80B-316E718E359E} = PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{19A779F1-4B24-4ED9-B352-CCA9A0A2F185} = PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{26EEBEF7-8202-495A-94BD-4080B04BCBA4} = PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{27DA775F-69A0-41C4-871D-5D1E17DA9813} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{38D8A89D-1999-41B5-86C3-A809A5FD98CE} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{3F2708CF-676C-4F98-9007-EF1B41A76E81} = DIR=IN | APP=C:\PROGRAM FILES\ELECTRONIC ARTS\COMMAND & CONQUER 3\RETAILEXE\1.0\CNC3GAME.DAT |
{43A2BCF4-4592-44BE-B1A0-24E65FC9CD22} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{44D158AA-C21A-4AE6-8FB3-3ABB44FC4115} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |
{473F8AF2-8CE1-453F-A944-8FEE2948BFC6} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{4D627ED8-5D93-4DD6-BBB6-C572A2271BA6} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{4F38FAFD-C0CA-403B-A6DB-8BECA8D66747} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |
{5A59CB5B-D148-4029-B24A-F69A4A32A1BB} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\EHSHELL.EXE |
{675B8062-4230-4BDE-A145-002B923BF2B4} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{6CA66AC6-D6CC-42C4-99F6-AB9DF436629D} = PROTOCOL=17 | DIR=IN | APP=C:\USERS\PUBLIC\DOCUMENTS\BLIZZARD ENTERTAINMENT\WORLD OF WARCRAFT\WOW-3.1.2.9901-TO-3.1.3.9947-ENGB-DOWNLOADER.EXE |
{7076F194-BEDC-4D3B-908E-964533A5B9C5} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{727EBECB-EF8D-4275-AB6A-8C57FF37A2E8} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |
{91217470-6B2B-451F-B673-82CC97DF21B1} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{94ED824E-B891-429B-BE98-8EC95BAFBD93} = PROTOCOL=6 | DIR=IN | APP=C:\USERS\PUBLIC\DOCUMENTS\BLIZZARD ENTERTAINMENT\WORLD OF WARCRAFT\WOW-3.1.2.9901-TO-3.1.3.9947-ENGB-DOWNLOADER.EXE |
{A2CD0FB9-A5F3-4340-B94E-F8C088BC9189} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\MCX2PROV.EXE |
{AA49B7F3-79EE-44EF-BAFF-36D0513C01C7} = PROTOCOL=58 | DIR=IN | [email protected],-28545 |
{AC452B5A-0E30-4BAF-BBD8-DC23DCC970F3} = DIR=IN | APP=C:\PROGRAM FILES\CYBERLINK\POWERDIRECTOR\PDR.EXE |
{AF5BA41A-A76B-4FE1-9CE4-4D2DE9243E48} = PROTOCOL=6 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{BB64F147-4885-4742-86F8-C21F43F64248} = PROTOCOL=58 | DIR=OUT | [email protected],-28546 |
{CA889ACC-CDB9-4297-91B5-88064F659007} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{CCE6ACCD-8743-4F88-9968-086E74012628} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{D42B1A06-B727-4201-ABC2-2E130C7DB3C4} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\EHOME\MCX2PROV.EXE |
{D6A23139-E89F-4537-8D36-F0B0EC436FE9} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{D7D10025-B151-41EE-8D3B-63411CDFDF4B} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{D9E3BA01-E4BC-4FA8-B190-4E4ADA003114} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\LIVECALL.EXE |
{F019BAB3-2B87-4172-9BA0-6D079BC89D79} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |
{F215EAEB-2E2D-432F-8F57-578AB950F1C2} = PROTOCOL=1 | DIR=IN | [email protected],-28543 |
{F95FE34A-76AA-4AED-A22D-8252331EB8C5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{FF4AE3EB-583E-423A-ACB6-98ECF295425A} = PROTOCOL=1 | DIR=OUT | [email protected],-28544 |
{FF8994A9-55C5-4CF1-A9AC-4F1621867BBD} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
TCP Query User{1DFA65AC-1F57-423C-8EAA-DED97DE232ED}C:\program files\ea games\command & conquer the first decade\command & conquer renegade\renegade\game.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RENEGADE\RENEGADE\GAME.EXE |
TCP Query User{4EA25F05-6A94-4854-9F7E-37A9AE05F47C}C:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RED ALERT II\RA2\GAME.EXE |
TCP Query User{547FD4FB-7B27-4436-82C5-B3FF3F3AC81C}C:\users\aido\desktop\total annahilation\totala.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\AIDO\DESKTOP\TOTAL ANNAHILATION\TOTALA.EXE |
TCP Query User{858A5B26-E841-454C-A0E8-E6EF41794DB9}C:\program files\world of warcraft\launcher.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\WORLD OF WARCRAFT\LAUNCHER.EXE |
TCP Query User{9572A80E-C825-4956-85CF-4CB073C0FA8C}C:\program files\thq\dawn of war\w40k.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\THQ\DAWN OF WAR\W40K.EXE |
TCP Query User{BD1741C3-2E5F-40EF-B5C5-E2EFF08498BC}C:\program files\ea games\ultima online 2d client\client.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\ULTIMA ONLINE 2D CLIENT\CLIENT.EXE |
TCP Query User{BE693DD5-777D-4BCC-9FDE-8DFA18D1FAB7}C:\windows\system32\dplaysvr.exe = PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\DPLAYSVR.EXE |
TCP Query User{CEDEFD7F-9038-4E5E-87D7-F71BDE9E47E9}C:\program files\curse\curseclient.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |
TCP Query User{D06324B1-3889-466F-89DD-B25235195149}C:\users\aido\appdata\local\temp\electronicarts_patcher_000.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\AIDO\APPDATA\LOCAL\TEMP\ELECTRONICARTS_PATCHER_000.EXE |
UDP Query User{06A2A725-2F9C-4E46-B37D-98691992C34A}C:\windows\system32\dplaysvr.exe = PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\DPLAYSVR.EXE |
UDP Query User{09277570-D3E5-4C5C-8B14-26B2434B53F0}C:\users\aido\desktop\total annahilation\totala.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\AIDO\DESKTOP\TOTAL ANNAHILATION\TOTALA.EXE |
UDP Query User{315DB30A-FACE-4272-BA25-AB55A2048368}C:\program files\ea games\command & conquer the first decade\command & conquer renegade\renegade\game.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RENEGADE\RENEGADE\GAME.EXE |
UDP Query User{3A164EA5-147B-4880-A6B6-9D0A2CFD34D9}C:\program files\ea games\ultima online 2d client\client.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\ULTIMA ONLINE 2D CLIENT\CLIENT.EXE |
UDP Query User{4C76D447-ECC5-4667-9242-DA24C5769FFF}C:\program files\thq\dawn of war\w40k.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\THQ\DAWN OF WAR\W40K.EXE |
UDP Query User{55BB3356-989B-4E3E-B742-00C3B9BB4C75}C:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RED ALERT II\RA2\GAME.EXE |
UDP Query User{8E5560E0-4297-4549-9F47-01BFA3991A8D}C:\program files\world of warcraft\launcher.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\WORLD OF WARCRAFT\LAUNCHER.EXE |
UDP Query User{90F21ECE-E5D2-4740-82FE-68B564BCC25C}C:\program files\curse\curseclient.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\CURSE\CURSECLIENT.EXE |
UDP Query User{DED87797-1D3D-4B41-8D1C-501C7DAFB5B3}C:\users\aido\appdata\local\temp\electronicarts_patcher_000.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\AIDO\APPDATA\LOCAL\TEMP\ELECTRONICARTS_PATCHER_000.EXE |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F25F02B-854E-49B3-8F68-6D27CE4D477E}" = Ultima Online 2D Client
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = O2 Broadband USB Modem
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C38AA6-C887-4B31-8B76-77C1CC40FFC7}" = ZTE Mobile Connection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EA57EFB9-A257-4DD0-BC6D-0FA5625F3421}" = ArcSoft PhotoImpression 5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Alarm_is1" = Alarm 2.0.4
"COMODO Internet Security" = COMODO Internet Security
"CurseClient" = Curse Client
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Updater Pro" = Driver Updater Pro
"ERUNT_is1" = ERUNT 1.1j
"GrandBilliards_is1" = GrandBilliards 1.0
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Paddy Power Poker" = Paddy Power Poker
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"War of the Ring" = War of the Ring
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01/06/2009 13:53:45 | Computer Name = Smexual | Source = RasClient | ID = 20227
Description =
Error - 02/06/2009 12:13:17 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02/06/2009 12:30:56 | Computer Name = Smexual | Source = Application Error | ID = 1000
Description = Faulting application hpsdpapp.exe, version 5.4.0.2407, time stamp
0x46deee05, faulting module hpsdpapp.exe, version 5.4.0.2407, time stamp 0x46deee05,
exception code 0xc0000005, fault offset 0x0002e2cb, process id 0xa7c, application
start time 0x01c9e39f61a0cd9f.
Error - 02/06/2009 13:00:04 | Computer Name = Smexual | Source = Application Error | ID = 1000
Description = Faulting application hpsdpapp.exe, version 5.4.0.2407, time stamp
0x46deee05, faulting module hpsdpapp.exe, version 5.4.0.2407, time stamp 0x46deee05,
exception code 0xc0000005, fault offset 0x0002e2cb, process id 0x9f0, application
start time 0x01c9e3a390cced2f.
Error - 03/06/2009 13:33:33 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 05/06/2009 13:32:51 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 07/06/2009 11:54:22 | Computer Name = Smexual | Source = Application Error | ID = 1000
Description = Faulting application Ventrilo.exe, version 3.0.1.0, time stamp 0x473f5606,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc000001d, fault offset 0x026aaead, process id 0x37c, application start time 0x01c9e75fba890e70.
Error - 08/06/2009 11:42:47 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 08/06/2009 11:58:31 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 09/06/2009 05:18:04 | Computer Name = Smexual | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 05/10/2008 08:27:43 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:27:57 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:28:10 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:28:20 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:28:32 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:28:41 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:28:50 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:28:59 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:29:12 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 05/10/2008 08:29:26 | Computer Name = Smexual | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
< End of report >
Thanks for taking the time to look at this for me!
-
I recently got a keylogger and have tried to take measures to get rid of it. I have installed and run Spybot S&D, MBAM and ATF Cleaner; the problem is I cannot tell if the logger has been removed. This is the HijackThis log that I got after running the above-mentioned programmes:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:52, on 11/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ZTE Mobile Connection\Datacard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D32C17-E5C3-4B5C-BBEE-807BF7979D11}: NameServer = 172.31.140.69 172.30.140.69
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 7122 bytes
Any help or information would help give me peace of mind with this. Thanks in advance; I think what this community is doing is really fantastic.
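The HijackThis log above is the kind of output a helper reads by eye: O2/O3 entries whose DLL is gone ("(no file)"), O4 autoruns started through rundll32, O17 DNS servers that the user did not set, and O23 services whose file carries no company name ("Unknown owner"). The script below is an added example, not code from the original post or from the HijackThis tool; it parses a handful of constructed lines shaped like the ones in the log (a subset, not the full log) and buckets the entries worth a second look. The section names, regexes and bucket names are my own assumptions about the HijackThis 2.0.2 line format.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of lines shaped like a HijackThis 2.0.2 log (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D32C17-E5C3-4B5C-BBEE-807BF7979D11}: NameServer = 172.31.140.69 172.30.140.69
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"""

# Assumed line shapes (HijackThis 2.0.2 style): "<section> - <body>".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# O4: "<hive>\..\<Run key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# O23: "Service: <display name> - <company from version info> - <image path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O17: "...: NameServer = <ip> [<ip> ...]"
DNS_RE = re.compile(r"NameServer = (?P<servers>[\d. ]+)$")


def triage(text):
    """Parse the O-lines of a HijackThis log and bucket the entries worth reviewing."""
    findings = defaultdict(list)
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines carry no O-entries
        section, body = m.group("section"), m.group("body")

        if section in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but its DLL is gone: an orphan left by an
            # uninstall or a removal. Harmless by itself, cleaned up so nothing
            # can later drop a DLL back into that registration.
            findings["orphaned_com"].append(body)

        elif section == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue
            name, key, cmd = r.group("name"), r.group("key"), r.group("cmd")
            if cmd.lower().startswith("rundll32"):
                # The autorun is a DLL loaded by rundll32; the DLL path, not
                # rundll32.exe, is what needs to be verified.
                findings["rundll32_autoruns"].append(name)
            if key.lower() == "runonce":
                findings["run_once"].append(name)

        elif section == "O17":
            d = DNS_RE.search(body)
            if d:
                for server in d.group("servers").split():
                    # A public resolver the user never configured is the classic
                    # DNS-hijack sign; RFC 1918 addresses usually mean the ISP
                    # dongle or router handed them out.
                    private = ipaddress.ip_address(server).is_private
                    findings["dns_servers"].append((server, private))

        elif section == "O23":
            s = SERVICE_RE.match(body)
            if s and s.group("owner") == "Unknown owner":
                # No company name in the file's version info: look the path up
                # before deciding whether the service is legitimate.
                findings["unknown_owner_services"].append((s.group("name"), s.group("path")))

    return dict(findings)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The buckets are prompts for review, not verdicts: in the log above every flagged item (NVIDIA's rundll32 entries, the HP support service, the two private DNS servers from the mobile dongle) turns out to be legitimate, which is exactly the judgement a human helper adds on top of the parse.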
Hijackthis Log [INACTIVE] (in Malware Removal) - Posted
The alarm.exe is a free alarm clock that I downloaded recently.
This is the OTL log after running chkdsk and the custom fix that you gave me:
========== OTL ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e641-5800-11dd-a935-001e8cb67b75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e641-5800-11dd-a935-001e8cb67b75}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e643-5800-11dd-a935-001e8cb67b75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e643-5800-11dd-a935-001e8cb67b75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e643-5800-11dd-a935-001e8cb67b75}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b19ecc9e-4323-11de-8a12-001e8cb67b75}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4dfa2aa-44b1-11de-8265-001e8cb67b75}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\ not found.
File Cn911.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb16c884-4f1d-11dd-92ed-001e8cb67b75}\ not found.
File K:\LaunchU3.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\Users\Aido\AppData\Local\Temp\JET865F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTL by OldTimer - Version 2.1.1.0 log created on 06172009_183013
Files moved on Reboot...
File C:\Users\Aido\AppData\Local\Temp\JET865F.tmp not found!
Registry entries deleted on Reboot...
I didn't seem to have any problems with the chkdsk; I left it running while I was in work today, and when I returned it was finished. Don't know if it has to do with the chkdsk, but my computer seems to be booting a little faster than normal and generally running smoother.
Thanks again.
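Most of the OTL fix above is removing HKCU\...\Explorer\MountPoints2\{GUID} keys. Windows caches per-volume settings there, including the autorun command of removable media that was once plugged in, which is why each deletion is followed by a "File ... not found." line naming the executable that key pointed at (J:\AutoRun.exe, F:\AutoRun.exe, Cn911.exe, K:\LaunchU3.exe). The script below is an added example, not part of the original post or of OTL; it reads constructed lines shaped like the fix log above (a subset, not the full log) and reports which autorun target each removed MountPoints2 key referenced, plus what was deleted, what was already gone and what is pending a reboot. The line patterns are assumptions about OTL's log format.

```python
import re

# Constructed sample: a subset of lines shaped like the OTL fix log above.
SAMPLE_FIX_LOG = r"""
========== OTL ==========
Process explorer.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57f5e641-5800-11dd-a935-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57f5e641-5800-11dd-a935-001e8cb67b75}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb16c881-4f1d-11dd-92ed-001e8cb67b75}\ not found.
File Cn911.exe not found.
========== COMMANDS ==========
File delete failed. C:\Users\Aido\AppData\Local\Temp\JET865F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
"""

# Assumed OTL line shapes.
SECTION_RE = re.compile(r"^==========")
MOUNTPOINT_RE = re.compile(r"MountPoints2\\(\{[0-9a-f-]+\})\\ deleted successfully\.$", re.I)
REG_RE = re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$")
FILE_RE = re.compile(r"^File (.+?) not found\.$")
PENDING_RE = re.compile(r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$")


def summarize_fix(text):
    """Group an OTL fix log into what was removed, what was already gone,
    what is waiting for a reboot, and which autorun file each removed
    MountPoints2 key referenced."""
    summary = {"deleted": [], "not_found": [], "mountpoints": {}, "pending_reboot": []}
    current = None  # GUID of the MountPoints2 key whose follow-up lines we are in
    for line in text.splitlines():
        line = line.strip()
        if SECTION_RE.match(line):
            current = None  # a new section: later "File ... not found." lines are unrelated
            continue

        mp = MOUNTPOINT_RE.search(line)
        if mp:
            current = mp.group(1)
            summary["mountpoints"][current] = []

        r = REG_RE.match(line)
        if r:
            bucket = "deleted" if r.group(3) == "deleted successfully" else "not_found"
            summary[bucket].append(r.group(2))
            continue

        f = FILE_RE.match(line)
        if f:
            # OTL reports the file the deleted autorun entry pointed at; "not found"
            # means the payload itself is no longer on that drive.
            if current is not None:
                summary["mountpoints"][current].append(f.group(1))
            summary["not_found"].append(f.group(1))
            continue

        p = PENDING_RE.match(line)
        if p:
            # Locked at run time; check after the reboot that it really went.
            summary["pending_reboot"].append(p.group(1))

    return summary


if __name__ == "__main__":
    s = summarize_fix(SAMPLE_FIX_LOG)
    for guid, files in s["mountpoints"].items():
        print(f"{guid} -> {', '.join(files) or '(no file referenced)'}")
    print("deleted:", len(s["deleted"]), "already gone:", len(s["not_found"]),
          "pending reboot:", s["pending_reboot"])
```

The "pending_reboot" list is the one to re-check by hand: OTL's own "Files moved on Reboot" footer in the log above confirms the temp file was gone after the restart, which is the outcome this summary lets you verify at a glance.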