Last Post. Here's Everything.[RESOLVED]


OTL logfile created on: 7/7/2009 7:57:35 PM - Run 1

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\THEREALBIGYO\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.18% Memory free

3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.92% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 61.64 Gb Total Space | 16.36 Gb Free Space | 26.54% Space Free | Partition Type: NTFS

Drive D: | 11.86 Gb Total Space | 0.12 Gb Free Space | 1.01% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C

Current User Name: THEREALBIGYO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()

PRC - C:\Program Files\Gamevance\gamevance32.exe ()

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)

PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)

PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (AVP [Auto | Stopped]) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (gupdate1c9b02c15e611be [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)

DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (eabfiltr [system | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (iaStor [boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (kl1 [boot | Running]) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (klbg [boot | Running]) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (KLIF [system | Running]) -- C:\WINDOWS\System32\DRIVERS\klif.sys (Kaspersky Lab)

DRV - (klim5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\klim5.sys (Kaspersky Lab)

DRV - (LachesisFltr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (nocashio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nocashio.sys ()

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)

DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (vmm [system | Running]) -- C:\WINDOWS\System32\Drivers\vmm.sys (Microsoft Corporation)

DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)

DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (pgfilter [On_Demand | Running]) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found

IE - URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found

IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AIM Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.tsoxprid: "ZKfox002RWUS"

FF - prefs.js..browser.search.param.tsoxtbid: "C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS"

FF - prefs.js..browser.search.selectedEngine: "AIM Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.myspace.com "

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.06.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 00:45:55 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 01:56:33 | 00,000,000 | ---D | M]

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/06 22:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2009/02/28 17:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/06/21 01:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/03/28 23:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\[email protected]

[2009/06/21 01:57:02 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\aim-search.xml

[2009/02/20 15:24:03 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\ask.xml

[2009/03/28 23:37:55 | 00,002,236 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\askcom.xml

[2009/07/07 19:27:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/06/13 00:50:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/02/20 16:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2009/02/20 12:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/02/28 16:47:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/04/09 01:46:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/13 00:50:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/06/13 00:50:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/09/26 09:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll

[2009/06/13 00:50:06 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

[2009/04/22 22:44:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/04/22 22:44:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/01 19:57:48 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009/04/22 22:44:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/04/22 22:44:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/04/22 22:44:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/22 22:44:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (Gamevance LLC)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] File not found

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/02 01:09:24 | 00,000,358 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2009/06/02 01:09:26 | 00,000,395 | RHS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{647c80f6-149a-11de-8c51-000fb0fd7915}\Shell\verb1\command - "" = desktop.exe

O33 - MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\Shell - "" = Autorun

O33 - MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\

O33 - MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\Shell - "" = Autorun

O33 - MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com d:\

O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell - "" = Autorun

O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell\Open\command - "" = F:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com -- File not found

O33 - MountPoints2\C\Shell - "" = Autorun

O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\C\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\

O33 - MountPoints2\D\Shell - "" = Autorun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com d:\

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/07 19:48:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:35:06 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/07/07 19:34:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/07/07 19:11:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/07/07 19:09:42 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:55:51 | 21,455,05280 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/06 22:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\AIM Toolbar

[2009/07/04 23:41:01 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 22:10:53 | 39,647,808 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 21:58:10 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2009/07/04 21:58:10 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2009/07/04 21:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2009/07/04 21:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2009/07/04 21:57:15 | 00,227,344 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2009/07/04 21:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2009/07/03 21:59:20 | 08,114,720 | ---- | C] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

[2009/07/01 20:07:58 | 01,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\THEREALBIGYO\Desktop\install_flash_player.exe

[2009/07/01 01:02:34 | 04,310,720 | -H-- | C] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\IconCache.db

[2009/06/30 23:58:04 | 00,000,000 | ---D | C] -- C:\Program Files\Gamevance

[2009/06/30 20:17:31 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/06/30 20:17:31 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/06/22 00:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Desktop\New Folder

[2009/06/21 01:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility

[2009/06/21 01:56:28 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar

[2009/06/21 01:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar

[2009/06/21 01:55:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads

[2009/06/18 22:20:57 | 24,449,920 | ---- | C] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup(2).exe

[2009/06/16 01:05:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc(2).exe

[2009/06/16 01:05:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc.exe

[2009/06/15 01:14:35 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/06/15 01:10:51 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/06/15 01:07:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/06/15 01:05:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2009/06/15 01:05:34 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/06/15 01:05:29 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/06/15 01:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/06/15 01:01:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe

[2009/06/15 01:01:05 | 04,209,954 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe.part

[2009/06/15 00:58:46 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Ad-AwareAE.exe

[2009/06/15 00:37:55 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk

[2009/06/15 00:37:54 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL

[2009/06/15 00:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2009/06/15 00:32:48 | 24,449,664 | ---- | C] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup.exe

[2009/06/08 20:56:43 | 00,154,224 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\spyware doctor..JPG

[2009/06/08 13:03:45 | 03,247,736 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\THEREALBIGYO\Desktop\ccsetup220.exe

[2009/04/02 01:06:17 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/03/26 23:07:05 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys

[2006/02/22 02:55:17 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/02/22 02:53:30 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/02/22 02:36:47 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/02/22 02:18:41 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/02/22 01:51:45 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/02/22 01:51:45 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/02/22 01:51:45 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/02/22 01:51:44 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/02/22 01:51:43 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/12/02 03:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/17 10:39:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/08/17 10:21:06 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/08/17 09:59:14 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini

[2005/08/17 02:45:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2005/08/05 22:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 01,403,212 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\scan.pdf

[2049/12/31 16:00:00 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\HSZ Customer Consent Form.doc

[2009/07/07 19:48:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:34:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:25:18 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/07 19:24:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/07/07 19:24:20 | 00,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin

[2009/07/07 19:24:08 | 00,001,083 | -HS- | M] () -- C:\hpqp.ini

[2009/07/07 19:24:08 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini

[2009/07/07 19:24:07 | 00,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/07/07 19:24:06 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/07/07 19:24:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/07/07 19:24:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/07/07 19:23:59 | 21,455,05280 | -HS- | M] () -- C:\hiberfil.sys

[2009/07/07 19:13:50 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:11:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:09:44 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:54:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/07/07 18:54:01 | 00,000,209 | RHS- | M] () -- C:\boot.ini

[2009/07/07 18:45:22 | 04,310,720 | -H-- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\IconCache.db

[2009/07/07 03:22:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/07/06 22:24:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/07/06 21:44:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/05 00:45:33 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/05 00:45:33 | 00,009,446 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\wklnhst.dat

[2009/07/04 23:06:45 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/04 22:15:02 | 39,647,808 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 21:58:10 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2009/07/04 21:58:10 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2009/07/04 21:57:15 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2009/07/04 19:35:54 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2009/07/03 23:15:56 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/03 22:01:48 | 08,114,720 | ---- | M] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

[2009/07/01 20:08:55 | 01,878,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\THEREALBIGYO\Desktop\install_flash_player.exe

[2009/06/23 21:19:19 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2009/06/21 01:56:45 | 00,000,739 | -H-- | M] () -- C:\IPH.PH

[2009/06/21 01:56:25 | 00,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk

[2009/06/18 22:25:59 | 24,449,920 | ---- | M] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup(2).exe

[2009/06/16 01:05:57 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc(2).exe

[2009/06/16 01:05:30 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc.exe

[2009/06/15 01:17:38 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/06/15 01:05:34 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/06/15 01:04:13 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Ad-AwareAE.exe

[2009/06/15 01:02:19 | 04,209,954 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe.part

[2009/06/15 01:01:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe

[2009/06/15 00:37:55 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk

[2009/06/15 00:37:06 | 24,449,664 | ---- | M] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup.exe

[2009/06/08 20:56:43 | 00,154,224 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\spyware doctor..JPG

[2009/06/08 13:07:15 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\CCleaner.lnk

[2009/06/08 13:04:09 | 03,247,736 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\THEREALBIGYO\Desktop\ccsetup220.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52

< End of report >

OTL Extras logfile created on: 7/7/2009 7:57:35 PM - Run 1

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\THEREALBIGYO\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.18% Memory free

3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.92% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 61.64 Gb Total Space | 16.36 Gb Free Space | 26.54% Space Free | Partition Type: NTFS

Drive D: | 11.86 Gb Total Space | 0.12 Gb Free Space | 1.01% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C

Current User Name: THEREALBIGYO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"13541:TCP" = 13541:TCP:*:Enabled:BitComet 13541 TCP

"13541:UDP" = 13541:UDP:*:Enabled:BitComet 13541 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus File not found

C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire File not found

C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client (www.BitComet.com)

C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)

C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)

C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()

C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)

C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)

C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()

C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )

C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)

C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies Demo ()

C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)

C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009

"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1

"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery

"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis

"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth

"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes

"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AIM Toolbar" = AIM Toolbar

"AIM_6" = AIM 6

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"BitComet" = BitComet 1.09

"CCleaner" = CCleaner (remove only)

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP

"D44822B3621EFD220D3A7DDA72DE5A4B6476748F" = Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)

"ERUNT_is1" = ERUNT 1.1j

"Gamevance" = Gamevance

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HP Imaging Device Functions" = HP Imaging Device Functions 6.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PeerGuardian_is1" = PeerGuardian 2.0

"PROSet" = Intel® PRO Network Connections Drivers

"Registry Mechanic_is1" = Registry Mechanic 8.0

"Softonic_English Toolbar" = Softonic_English Toolbar

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Steam App 3592" = Plants Vs Zombies Demo

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The KMPlayer" = The KMPlayer 2.9.4.1434

"vghd" = VirtuaGirl HD

"ViewpointMediaPlayer" = Viewpoint Media Player

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/30/2009 12:48:28 PM | Computer Name = YOUR-727A0A4E7C | Source = Google Update | ID = 20

Description =

Error - 5/30/2009 1:48:28 PM | Computer Name = YOUR-727A0A4E7C | Source = Google Update | ID = 20

Description =

Error - 5/30/2009 3:41:16 PM | Computer Name = YOUR-727A0A4E7C | Source = Google Update | ID = 20

Description =

Error - 5/30/2009 8:26:51 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000

Description = Faulting application steam.exe, version 1.0.0.0, faulting module steamclient.dll,

version 3.0.0.1, fault address 0x0012e093.

Error - 5/30/2009 9:46:33 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002

Description = Hanging application KMPlayer.exe, version 2.9.4.1434, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 10:26:30 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002

Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 10:26:32 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1001

Description = Fault bucket 337816799.

Error - 5/30/2009 10:53:38 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000

Description = Faulting application maw.bin, version 0.0.0.0, faulting module d3d9.dll,

version 5.3.2600.5512, fault address 0x00097306.

Error - 5/31/2009 1:13:51 AM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/31/2009 1:13:54 AM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

[ System Events ]

Error - 7/7/2009 9:54:17 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/7/2009 9:56:26 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus

service to connect.

Error - 7/7/2009 9:56:26 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus service failed to start due to the following

error: %%1053

Error - 7/7/2009 9:56:42 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 7/7/2009 10:17:04 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus

service to connect.

Error - 7/7/2009 10:17:04 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus service failed to start due to the following

error: %%1053

Error - 7/7/2009 10:17:13 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 7/7/2009 10:24:42 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus

service to connect.

Error - 7/7/2009 10:24:42 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus service failed to start due to the following

error: %%1053

Error - 7/7/2009 10:24:53 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

< End of report >

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP . (5.1.2600) Service Pack 3

[32_bits] - x86 Family 6 Model 14 Stepping 8, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Enabled

.

Internet Explorer 8.0.6001.18702

Mozilla Firefox 3.0.11 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:61 Go - Free:16 Go )

D:\ [Fixed-FAT32] .. ( Total:11 Go - Free:0 Go )

E:\ [CD_Rom]

.

Scan : 19:34.51

Path : C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

User : THEREALBIGYO ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (1816)

______ \??\C:\WINDOWS\system32\csrss.exe (1864)

______ \??\C:\WINDOWS\system32\winlogon.exe (1888)

______ C:\WINDOWS\system32\services.exe (1932)

______ C:\WINDOWS\system32\lsass.exe (1944)

______ C:\WINDOWS\system32\svchost.exe (236)

______ C:\WINDOWS\system32\svchost.exe (368)

______ C:\WINDOWS\System32\svchost.exe (416)

______ C:\WINDOWS\system32\svchost.exe (612)

______ C:\WINDOWS\system32\svchost.exe (664)

______ C:\WINDOWS\system32\spoolsv.exe (1184)

______ C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (1440)

______ C:\WINDOWS\Explorer.EXE (1492)

______ C:\WINDOWS\ehome\ehtray.exe (1628)

______ C:\WINDOWS\system32\RUNDLL32.EXE (1644)

______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1680)

______ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (1688)

______ C:\Program Files\HP\QuickPlay\QPService.exe (1696)

______ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (1704)

______ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (1744)

______ C:\Program Files\Java\jre6\bin\jusched.exe (1752)

______ C:\Program Files\Razer\Lachesis\razerhid.exe (1776)

______ C:\Program Files\Gamevance\gamevance32.exe (1860)

______ C:\Program Files\iTunes\iTunesHelper.exe (584)

______ C:\Program Files\Registry Mechanic\RegMech.exe (828)

______ C:\WINDOWS\system32\ctfmon.exe (860)

______ C:\Program Files\PeerGuardian2\pg2.exe (868)

______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (908)

______ C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (988)

______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (928)

______ C:\Program Files\Razer\Lachesis\OSD.exe (1560)

______ C:\Program Files\Razer\Lachesis\razertra.exe (1096)

______ C:\WINDOWS\system32\svchost.exe (1576)

______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1788)

______ C:\Program Files\Bonjour\mDNSResponder.exe (128)

______ C:\WINDOWS\eHome\ehRecvr.exe (292)

______ C:\WINDOWS\eHome\ehSched.exe (736)

______ C:\Program Files\Java\jre6\bin\jqs.exe (1352)

______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2196)

______ C:\WINDOWS\system32\nvsvc32.exe (2248)

______ C:\WINDOWS\system32\svchost.exe (2648)

______ C:\WINDOWS\system32\svchost.exe (2812)

______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (2976)

______ C:\WINDOWS\ehome\mcrdsvc.exe (3080)

______ C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (3160)

______ C:\Program Files\Razer\Lachesis\razerofa.exe (3192)

______ C:\Program Files\iPod\bin\iPodService.exe (3916)

______ C:\WINDOWS\system32\dllhost.exe (560)

______ C:\WINDOWS\system32\wbem\wmiprvse.exe (604)

______ C:\WINDOWS\system32\wscntfy.exe (1264)

______ C:\WINDOWS\eHome\ehmsas.exe (2080)

______ C:\WINDOWS\System32\alg.exe (2272)

______ C:\WINDOWS\system32\msiexec.exe (2512)

______ C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (2588)

______ C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE (4036)

______ C:\Program Files\Mozilla Firefox\firefox.exe (756)

______ C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe (3656)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:66180570624)

\Device\Harddisk0\Partition2 (Start_Offset:66188828160 | Length:12757409280)

\Device\Harddisk0\Partition3 (Start_Offset:78946237440 | Length:1077511680)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\Google Software Updater.job

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\Tasks\SA.DAT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 19:35.06

.

C:\Rooter$\Rooter_1.txt - (07/07/2009 | 19:35.06)


Hi

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
    IE - URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found
    IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.tsoxprid: "ZKfox002RWUS"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor="
    [2009/02/20 15:24:03 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\ask.xml
    [2009/03/28 23:37:55 | 00,002,236 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\askcom.xml
    O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()
    O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (Gamevance LLC)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
    O33 - MountPoints2\{647c80f6-149a-11de-8c51-000fb0fd7915}\Shell\verb1\command - "" = desktop.exe
    O33 - MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\Shell - "" = Autorun
    O33 - MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\
    O33 - MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\Shell - "" = Autorun
    O33 - MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com d:\
    O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell - "" = Autorun
    O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell\Open\command - "" = F:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com -- File not found
    O33 - MountPoints2\C\Shell - "" = Autorun
    O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\C\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\
    O33 - MountPoints2\D\Shell - "" = Autorun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com d:\

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

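The fix above targets three classes of indicator worth recognising on sight: a static `NameServer` value under `Tcpip\Parameters` pointing at public addresses (how DNS-changing malware redirects every lookup on the box), `MountPoints2\<volume>\Shell\...\command` entries whose target is a relative path under `RECYCLER` (Explorer's cached autorun handler for a volume, the signature of an autorun worm), and startup items whose binary carries no company name. The script below is an added example for this thread, not OTL, ComboFix or the helper's own script. It triages OTL log lines for those three classes and lays the hits out in the `:OTL` / `:Commands` shape the Custom Scans/Fixes box accepts. The sample lines are copied from the fix script above (plus one benign Microsoft entry); `triage`, `check_nameserver`, `check_mountpoint_command` and `to_otl_fix` are this example's own names, and its flag rules are assumptions about what deserves a second look, not verdicts.

```python
"""Triage OTL log lines for the indicator classes the fix script above targets.

Added example for this thread; it is not OTL, ComboFix or the helper's own
script. Sample lines are copied from the fix script posted above; the three
rules (a static public NameServer, a MountPoints2 autorun command, a startup
item whose file carries no company name) are this example's own assumptions
about what deserves a second look, not verdicts.
"""
import ipaddress
import re
from typing import List, Tuple

# (OTL item type, why it was flagged, the raw log line)
Finding = Tuple[str, str, str]

# Constructed sample: lines from the fix above plus one benign Microsoft entry.
SAMPLE_LOG = r"""O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()
O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O33 - MountPoints2\C\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\
O33 - MountPoints2\{647c80f6-149a-11de-8c51-000fb0fd7915}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"""

_RE_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
_RE_O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.*)$'
)
# OTL prints the file's company name in trailing parentheses; "()" means the
# binary has no company name in its version resource.
_RE_O2_O4 = re.compile(
    r"^(?P<kind>O2|O4) - .*\s(?P<path>[A-Za-z]:\\[^()]+?)\s+\((?P<company>[^()]*)\)\s*$"
)


def check_nameserver(servers: str) -> List[str]:
    """A static NameServer overrides the DHCP-assigned resolvers. Public
    addresses hard-coded there must be compared with what the ISP actually
    issued; DNS-changing malware writes its own resolvers into this value."""
    reasons: List[str] = []
    for s in re.split(r"[,\s]+", servers.strip()):
        if not s:
            continue
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            reasons.append(f"unparseable resolver {s!r}")
            continue
        if not ip.is_private:
            reasons.append(f"static public resolver {s}")
    return reasons


def check_mountpoint_command(cmd: str) -> List[str]:
    """The MountPoints2 ... Shell ... command value is Explorer's cached
    autorun handler for a volume. A relative target resolves against the
    volume root, and RECYCLER / System Volume Information are the usual
    hiding places for the dropped executable."""
    cmd = re.sub(r"\s+--\s+File not found$", "", cmd).strip()  # OTL suffix
    reasons: List[str] = []
    if not cmd:
        return reasons
    target = cmd.split()[0]
    if not re.match(r"^[A-Za-z]:\\", target):
        reasons.append(f"relative autorun target {target!r}")
    low = cmd.lower()
    if "recycler" in low or "system volume information" in low:
        reasons.append("autorun target hidden in RECYCLER/System Volume Information")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per OTL line that trips a rule, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _RE_O17.match(line):
            reasons = check_nameserver(m["servers"])
            if reasons:
                findings.append(("O17", "; ".join(reasons), line))
        elif m := _RE_O33_CMD.match(line):
            reasons = check_mountpoint_command(m["cmd"])
            if reasons:
                findings.append(("O33", "; ".join(reasons), line))
        elif m := _RE_O2_O4.match(line):
            if not m["company"].strip():
                findings.append((m["kind"], f"no company name on {m['path']}", line))
    return findings


def to_otl_fix(findings: List[Finding]) -> str:
    """Lay the flagged raw lines out in the :OTL / :Commands shape that OTL's
    Custom Scans/Fixes box accepts (the format used in the fix above).
    Review every line by hand before running it."""
    body = [":OTL", *[f[2] for f in findings], "", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    for kind, reason, raw in triage(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {raw}")
    print(to_otl_fix(triage(SAMPLE_LOG)))
```

Two caveats a practitioner would want. A public static resolver is a prompt to verify, not a conviction: some users do set public resolvers by hand, so compare the value with what the ISP or router hands out over DHCP. And `MountPoints2` lives under HKEY_CURRENT_USER, so the cached autorun handler exists once per profile that has ever mounted the volume; the `autorun.inf` on the volume root is the file side of the same infection, which is why ComboFix's deletion of `C:\autorun.inf` and `D:\Autorun.inf` later in the thread matters as much as the registry cleanup.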

Hi, I ran OTL with the code you gave me and here is what popped up after I rebooted. But I couldn't download ComboFix.exe because link one keeps sending me to a page that says 404 Not Found, and link 2 is in Spanish and I can't read that.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} not found.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "ZKfox002RWUS" removed from browser.search.param.tsoxprid

Prefs.js: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor=" removed from keyword.URL

C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\ask.xml moved successfully.

C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\askcom.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\ deleted successfully.

C:\Program Files\Gamevance\gamevancelib32.dll unregistered successfully.

C:\Program Files\Gamevance\gamevancelib32.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ deleted successfully.

C:\Program Files\Gamevance\gvtl.dll unregistered successfully.

C:\Program Files\Gamevance\gvtl.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Gamevance deleted successfully.

C:\Program Files\Gamevance\gamevance32.exe moved successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{647c80f6-149a-11de-8c51-000fb0fd7915}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{647c80f6-149a-11de-8c51-000fb0fd7915}\ not found.

File desktop.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69610b76-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69610b76-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69610b76-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69610b76-fec1-11dd-8c20-806d6172696f}\ not found.

File C:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69610b77-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69610b77-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69610b77-fec1-11dd-8c20-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69610b77-fec1-11dd-8c20-806d6172696f}\ not found.

File C:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com d:\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8410680a-00b8-11de-8c27-000fb0fd7915}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8410680a-00b8-11de-8c27-000fb0fd7915}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8410680a-00b8-11de-8c27-000fb0fd7915}\ not found.

File F:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.

File C:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.

File C:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com d:\ not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: THEREALBIGYO

->Temp folder emptied: 1652562 bytes

->Temporary Internet Files folder emptied: 819899 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 77717641 bytes

->Google Chrome cache emptied: 1143 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 16384 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 76.52 mb

OTL by OldTimer - Version 3.0.6.5 log created on 07082009_192305

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Well, I somehow navigated through Link 2, which brought me to some kind of Spanish forum, and then I somehow navigated to ComboFix. I believe I downloaded it using Firefox downloads, and then I clicked it and a thing popped up that said Run or Cancel, and nothing happened. I tried it like 5 more times, still nothing.


Hi, I've done it! I don't know, it just loaded finally after a few times after I clicked link 2. Well, here you go. By the way, after ComboFix ran my background image changed from blocks of an image to one blown-up one, if it means anything. But anyway, here. Thanks and enjoy. :)

ComboFix 09-07-08.04 - THEREALBIGYO 07/08/2009 19:57.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1724 [GMT -7:00]

Running from: c:\documents and settings\THEREALBIGYO\Desktop\ComboFixNew.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\Installer\dc38d6.msp

c:\windows\Installer\dc394e.msp

c:\windows\kb913800.exe

c:\windows\system32\drivers\gxvxcbirvimrmkklroyxtexmoqooruhhoseyf.sys

c:\windows\system32\drivers\gxvxcclqlpxgwkiiejempalnlmgjoyptqrpao.sys

c:\windows\system32\drivers\gxvxcijnmtkafrqlcjcvjlabgruocbpkdladl.sys

c:\windows\system32\gxvxccount

c:\windows\system32\gxvxcredoifektefiyfxmvxdynpxabfhidqab.dll

c:\windows\system32\gxvxcxrdslmnspawgrpexyohuymlrujyoaryk.dll

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_GXVXCSERV.SYS

((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))

.

2009-07-08 02:11 . 2009-07-08 02:11 -------- d-----w- c:\program files\ERUNT

2009-07-07 05:12 . 2009-07-07 05:12 -------- d-----w- c:\documents and settings\THEREALBIGYO\Local Settings\Application Data\AIM Toolbar

2009-07-05 04:44 . 2009-07-05 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-07-05 04:16 . 2009-07-05 04:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar

2009-07-05 04:15 . 2009-07-05 04:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-07-01 06:58 . 2009-07-09 02:23 -------- d-----w- c:\program files\Gamevance

2009-06-21 08:56 . 2009-06-21 08:56 -------- d-----w- c:\program files\Common Files\Software Update Utility

2009-06-21 08:56 . 2009-06-21 08:56 -------- d-----w- c:\program files\AIM Toolbar

2009-06-21 08:56 . 2009-06-21 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar

2009-06-15 18:36 . 2009-06-15 18:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-06-15 18:31 . 2009-06-15 18:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-06-15 08:14 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-06-15 08:07 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-06-15 08:05 . 2009-06-15 08:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-06-15 08:05 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

2009-06-15 08:05 . 2009-06-15 08:05 -------- d-----w- c:\program files\Lavasoft

2009-06-15 08:05 . 2009-06-15 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-06-11 05:15 . 2009-06-11 05:15 152576 ----a-w- c:\documents and settings\THEREALBIGYO\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-09 02:29 . 2009-02-20 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-07-09 02:26 . 2009-04-10 01:58 -------- d-----w- c:\program files\PeerGuardian2

2009-07-09 02:26 . 2009-04-22 21:16 5 ----a-w- c:\windows\sbacknt.bin

2009-07-07 05:12 . 2009-04-12 06:34 -------- d-----w- c:\program files\Softonic_English

2009-07-07 04:49 . 2009-03-29 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-07-05 07:45 . 2009-03-13 05:55 9446 ----a-w- c:\documents and settings\THEREALBIGYO\Application Data\wklnhst.dat

2009-07-05 06:10 . 2009-03-01 00:31 -------- d-----w- c:\program files\BitComet

2009-07-05 06:07 . 2009-02-20 23:45 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\Skype

2009-07-05 05:21 . 2009-05-20 01:47 -------- d-----w- c:\program files\Steam

2009-07-05 04:30 . 2009-02-20 23:46 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\skypePM

2009-06-21 08:56 . 2009-03-16 06:18 -------- d-----w- c:\program files\AIM6

2009-06-21 08:56 . 2009-03-16 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-06-21 08:55 . 2009-06-21 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads

2009-06-09 03:30 . 2009-05-28 03:59 -------- d-----w- c:\program files\MpcStar

2009-06-06 06:26 . 2009-06-02 07:52 -------- d-----w- c:\program files\DivX

2009-06-02 08:07 . 2009-06-02 08:07 -------- d-----w- c:\program files\iTunes

2009-06-02 08:07 . 2009-06-02 08:07 -------- d-----w- c:\program files\iPod

2009-06-02 08:07 . 2009-02-20 19:59 -------- d-----w- c:\program files\Common Files\Apple

2009-06-02 08:06 . 2009-06-02 08:05 -------- d-----w- c:\program files\QuickTime

2009-06-02 07:56 . 2006-02-22 09:52 -------- d-----w- c:\program files\Google

2009-06-02 07:51 . 2009-06-02 07:51 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-05-31 01:11 . 2009-05-31 01:10 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\Media Player Classic

2009-05-30 04:43 . 2009-05-14 06:05 -------- d-----w- c:\program files\Yahoo!

2009-05-30 04:36 . 2006-02-22 09:47 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-05-30 04:22 . 2009-05-30 04:22 -------- d-----w- c:\program files\Microsoft Virtual PC

2009-05-28 05:06 . 2009-05-28 05:06 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-05-28 04:01 . 2009-05-28 04:00 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\TigerPlayer

2009-05-26 15:47 . 2009-05-26 15:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-05-26 15:47 . 2009-05-28 05:05 38200 ----a-w- c:\documents and settings\THEREALBIGYO\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-05-26 15:27 . 2009-05-26 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-05-26 15:27 . 2009-05-26 15:27 -------- d-----w- c:\program files\NOS

2009-05-26 06:39 . 2009-03-01 14:10 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\AdobeUM

2009-05-24 08:14 . 2009-05-24 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy

2009-05-23 07:40 . 2009-05-20 02:03 25 ----a-w- c:\windows\popcinfot.dat

2009-05-22 23:04 . 2009-05-22 23:04 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\Braid

2009-05-22 22:37 . 2009-05-22 22:35 -------- d-----w- c:\documents and settings\THEREALBIGYO\Application Data\Crayon Physics Deluxe

2009-05-19 08:36 . 2009-06-21 08:55 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe

2009-05-19 08:36 . 2009-06-21 08:55 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe

2009-05-19 08:36 . 2009-06-21 08:55 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat

2009-05-19 08:36 . 2009-06-21 08:55 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat

2009-05-19 08:36 . 2009-06-21 08:55 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe

2009-05-19 08:36 . 2009-06-21 08:55 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe

2009-05-19 08:36 . 2009-06-21 08:55 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe

2009-05-19 08:36 . 2009-06-21 08:55 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll

2009-05-10 09:07 . 2009-05-10 09:07 -------- d-----w- c:\program files\Windows Media Connect 2

2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll

2009-04-28 08:15 . 2009-04-28 08:15 1019904 ----a-w- c:\documents and settings\THEREALBIGYO\Launcher.exe

2009-04-22 21:13 . 2009-04-22 21:13 152904 ----a-w- c:\windows\system32\vghd.scr

2009-04-15 20:25 . 2005-04-25 10:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys

2009-02-20 01:03 . 2009-02-20 01:03 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

2009-07-07 05:12 2215960 ----a-w- c:\program files\Softonic_English\tbSof0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-05-27 2832280]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-15 86016]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-14 507904]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-15 1519616]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2005-11-08 61952]

c:\documents and settings\THEREALBIGYO\Start Menu\Programs\Startup\

DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-4-22 402768]

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13541:TCP"= 13541:TCP:BitComet 13541 TCP

"13541:UDP"= 13541:UDP:BitComet 13541 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/15/2009 11:19 PM 24652]

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [4/24/2009 11:10 PM 12032]

S2 gupdate1c9b02c15e611be;Google Update Service (gupdate1c9b02c15e611be);c:\program files\Google\Update\GoogleUpdate.exe [3/28/2009 10:06 PM 133104]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/26/2009 8:27 AM 33176]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-07-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-29 05:04]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 05:06]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 05:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

FF - ProfilePath - c:\documents and settings\THEREALBIGYO\Application Data\Mozilla\Firefox\Profiles\jnxx19sp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: browser.startup.homepage - www.myspace.com

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor=

FF - component: c:\documents and settings\THEREALBIGYO\Application Data\Mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-08 20:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????g?n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-07-09 20:02

ComboFix-quarantined-files.txt 2009-07-09 03:02

Pre-Run: 16,657,838,080 bytes free

Post-Run: 16,637,374,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

231 --- E O F --- 2009-05-26 23:56


hi

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


Malwarebytes' Anti-Malware 1.38

Database version: 2297

Windows 5.1.2600 Service Pack 3

7/9/2009 6:29:30 PM

mbam-log-2009-07-09 (18-29-30).txt

Scan type: Quick Scan

Objects scanned: 93103

Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.111,85.255.112.200 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1440cb54-57d5-4815-ab66-33c78dde045a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.111,85.255.112.200 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{237439c1-cbdd-429f-a998-d1650a7891b6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.111,85.255.112.200 -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.

c:\program files\gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.

c:\program files\gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Friday, July 10, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Friday, July 10, 2009 07:11:35

Records in database: 2454193

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Files scanned: 68713

Threat name: 4

Infected objects: 5

Suspicious objects: 0

Duration of the scan: 01:54:45

File name / Threat name / Threats count

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcbirvimrmkklroyxtexmoqooruhhoseyf.sys.vir Infected: Rootkit.Win32.Agent.llg 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcclqlpxgwkiiejempalnlmgjoyptqrpao.sys.vir Infected: Rootkit.Win32.Agent.llg 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcijnmtkafrqlcjcvjlabgruocbpkdladl.sys.vir Infected: Trojan.Win32.Tdss.aghr 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcredoifektefiyfxmvxdynpxabfhidqab.dll.vir Infected: Trojan.Win32.Agent2.kny 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcxrdslmnspawgrpexyohuymlrujyoaryk.dll.vir Infected: Trojan.Win32.Agent2.kit 1

The selected area was scanned.


Malwarebytes' Anti-Malware 1.38

Database version: 2404

Windows 5.1.2600 Service Pack 3

7/10/2009 12:49:58 PM

mbam-log-2009-07-10 (12-49-58).txt

Scan type: Quick Scan

Objects scanned: 98852

Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

OTL logfile created on: 7/10/2009 12:50:57 PM - Run 2

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\THEREALBIGYO\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.28% Memory free

3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.26% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 61.64 Gb Total Space | 14.60 Gb Free Space | 23.69% Space Free | Partition Type: NTFS

Drive D: | 11.86 Gb Total Space | 0.12 Gb Free Space | 1.01% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C

Current User Name: THEREALBIGYO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 7 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)

PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (gupdate1c9b02c15e611be [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found

IE - URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found

IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: "AIM Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.param.tsoxprid: ""

FF - prefs.js..browser.search.param.tsoxtbid: "C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS"

FF - prefs.js..browser.search.selectedEngine: "AIM Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.myspace.com "

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.06.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 00:45:55 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 01:56:33 | 00,000,000 | ---D | M]

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/06 22:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2009/02/28 17:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/06/21 01:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/03/28 23:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\[email protected]

[2009/06/21 01:57:02 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\aim-search.xml

[2009/07/10 12:22:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/06/13 00:50:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/02/20 16:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2009/02/20 12:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/02/28 16:47:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/04/09 01:46:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/13 00:50:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/06/13 00:50:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/09/26 09:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll

[2009/06/13 00:50:06 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

[2009/04/22 22:44:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/04/22 22:44:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/01 19:57:48 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009/04/22 22:44:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/04/22 22:44:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/04/22 22:44:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/22 22:44:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] File not found

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [bitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 7 Days ==========

[2009/07/09 18:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\My Documents\Sociology 1

[2009/07/09 18:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Application Data\Malwarebytes

[2009/07/09 18:23:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/09 18:23:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/09 18:23:40 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/09 18:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/09 18:23:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/09 18:23:04 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\mbam-setup.exe

[2009/07/09 18:20:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/07/09 02:30:46 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2009/07/08 20:01:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/07/08 19:47:01 | 00,000,209 | ---- | C] () -- C:\Boot.bak

[2009/07/08 19:46:55 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/07/08 19:46:54 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/07/08 19:45:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/07/08 19:45:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/07/08 19:45:05 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/07/08 19:45:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/07/08 19:45:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/07/08 19:45:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/07/08 19:45:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/07/08 19:45:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/07/08 19:44:59 | 00,000,000 | --SD | C] -- C:\ComboFixNew

[2009/07/08 19:41:23 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/07/08 19:41:08 | 03,047,032 | R--- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ComboFixNew.exe

[2009/07/08 19:23:05 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/07/07 19:48:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:35:06 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/07/07 19:34:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/07/07 19:11:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/07/07 19:09:42 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:55:51 | 21,455,05280 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/06 22:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\AIM Toolbar

[2009/07/04 23:41:01 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 22:10:53 | 39,647,808 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 21:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2009/07/03 21:59:20 | 08,114,720 | ---- | C] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

========== Files - Modified Within 7 Days ==========

[2049/12/31 16:00:00 | 01,403,212 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\scan.pdf

[2049/12/31 16:00:00 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\HSZ Customer Consent Form.doc

[2009/07/10 12:22:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/07/10 12:20:46 | 00,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin

[2009/07/10 12:19:58 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/10 12:19:42 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/07/10 12:19:03 | 00,001,137 | -HS- | M] () -- C:\hpqp.ini

[2009/07/10 12:19:01 | 00,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/07/10 12:19:01 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini

[2009/07/10 12:18:58 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/07/10 12:18:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/07/10 12:18:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/07/10 12:18:51 | 21,455,05280 | -HS- | M] () -- C:\hiberfil.sys

[2009/07/10 01:43:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/07/10 01:06:29 | 00,009,834 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\wklnhst.dat

[2009/07/09 23:17:07 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/07/09 18:23:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/09 18:23:23 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\mbam-setup.exe

[2009/07/09 10:18:49 | 00,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/07/09 02:30:26 | 04,842,354 | -H-- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\IconCache.db

[2009/07/08 20:01:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/07/08 19:47:01 | 00,000,279 | RHS- | M] () -- C:\boot.ini

[2009/07/08 19:41:08 | 03,047,032 | R--- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ComboFixNew.exe

[2009/07/07 19:48:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:34:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:11:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:09:44 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:54:01 | 00,000,209 | ---- | M] () -- C:\Boot.bak

[2009/07/06 21:44:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/05 00:45:33 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 23:06:45 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/04 22:15:02 | 39,647,808 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 19:35:54 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2009/07/03 23:15:56 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/03 22:01:48 | 08,114,720 | ---- | M] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52

< End of report >


Nearly done.

Make sure Firefox is closed for this step.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor="

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


All processes killed

========== OTL ==========

Prefs.js: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor=" removed from keyword.URL

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: THEREALBIGYO

->Temp folder emptied: 73376243 bytes

->Temporary Internet Files folder emptied: 7388543 bytes

->Java cache emptied: 127535 bytes

->FireFox cache emptied: 82332647 bytes

->Google Chrome cache emptied: 742 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 10240 bytes

Total Files Cleaned = 155.71 mb

OTL by OldTimer - Version 3.0.6.5 log created on 07102009_192209

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 7/10/2009 7:25:53 PM - Run 3

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\THEREALBIGYO\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.46% Memory free

3.85 Gb Paging File | 3.58 Gb Available in Paging File | 93.05% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 61.64 Gb Total Space | 14.68 Gb Free Space | 23.82% Space Free | Partition Type: NTFS

Drive D: | 11.86 Gb Total Space | 0.12 Gb Free Space | 1.01% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C

Current User Name: THEREALBIGYO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 7 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()

PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()

PRC - C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Hewlett-Packard Co.)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (gupdate1c9b02c15e611be [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found

IE - URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found

IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: "AIM Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.param.tsoxprid: ""

FF - prefs.js..browser.search.param.tsoxtbid: "C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS"

FF - prefs.js..browser.search.selectedEngine: "AIM Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.myspace.com "

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.06.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 00:45:55 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 01:56:33 | 00,000,000 | ---D | M]

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/10 12:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2009/02/28 17:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/06/21 01:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/03/28 23:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\[email protected]

[2009/06/21 01:57:02 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\aim-search.xml

[2009/07/10 19:24:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/06/13 00:50:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/02/20 16:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2009/02/20 12:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/02/28 16:47:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/04/09 01:46:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/13 00:50:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/06/13 00:50:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/09/26 09:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll

[2009/06/13 00:50:06 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

[2009/04/22 22:44:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/04/22 22:44:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/01 19:57:48 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009/04/22 22:44:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/04/22 22:44:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/04/22 22:44:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/22 22:44:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] File not found

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [bitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 7 Days ==========

[2009/07/09 18:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\My Documents\Sociology 1

[2009/07/09 18:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Application Data\Malwarebytes

[2009/07/09 18:23:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/09 18:23:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/09 18:23:40 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/09 18:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/09 18:23:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/09 18:23:04 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\mbam-setup.exe

[2009/07/09 18:20:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/07/09 02:30:46 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2009/07/08 20:01:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/07/08 19:47:01 | 00,000,209 | ---- | C] () -- C:\Boot.bak

[2009/07/08 19:46:55 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/07/08 19:46:54 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/07/08 19:45:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/07/08 19:45:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/07/08 19:45:05 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/07/08 19:45:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/07/08 19:45:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/07/08 19:45:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/07/08 19:45:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/07/08 19:45:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/07/08 19:44:59 | 00,000,000 | --SD | C] -- C:\ComboFixNew

[2009/07/08 19:41:23 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/07/08 19:41:08 | 03,047,032 | R--- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ComboFixNew.exe

[2009/07/08 19:23:05 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/07/07 19:48:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:35:06 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/07/07 19:34:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/07/07 19:11:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/07/07 19:09:42 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:55:51 | 21,455,05280 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/06 22:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\AIM Toolbar

[2009/07/04 23:41:01 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 22:10:53 | 39,647,808 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 21:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2009/07/03 21:59:20 | 08,114,720 | ---- | C] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

========== Files - Modified Within 7 Days ==========

[2049/12/31 16:00:00 | 01,403,212 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\scan.pdf

[2049/12/31 16:00:00 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\HSZ Customer Consent Form.doc

[2009/07/10 19:24:32 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/10 19:24:16 | 00,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin

[2009/07/10 19:24:06 | 00,001,137 | -HS- | M] () -- C:\hpqp.ini

[2009/07/10 19:24:04 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini

[2009/07/10 19:24:03 | 00,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/07/10 19:23:53 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/07/10 19:23:27 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/07/10 19:23:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/07/10 19:23:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/07/10 19:23:21 | 21,455,05280 | -HS- | M] () -- C:\hiberfil.sys

[2009/07/10 19:22:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/07/10 01:43:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/07/10 01:06:29 | 00,009,834 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\wklnhst.dat

[2009/07/09 23:17:07 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/07/09 18:23:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/09 18:23:23 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\mbam-setup.exe

[2009/07/09 10:18:49 | 00,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/07/09 02:30:26 | 04,842,354 | -H-- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\IconCache.db

[2009/07/08 20:01:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/07/08 19:47:01 | 00,000,279 | RHS- | M] () -- C:\boot.ini

[2009/07/08 19:41:08 | 03,047,032 | R--- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ComboFixNew.exe

[2009/07/07 19:48:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:34:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:11:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:09:44 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:54:01 | 00,000,209 | ---- | M] () -- C:\Boot.bak

[2009/07/06 21:44:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/05 00:45:33 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 23:06:45 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/04 22:15:02 | 39,647,808 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 19:35:54 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2009/07/03 23:15:56 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/03 22:01:48 | 08,114,720 | ---- | M] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52

< End of report >

OK, so I booted into Safe Mode and ran the fix with the code you gave me. Then, when OTL rebooted my computer, I booted into normal Windows. Then I ran Quick Scan in Windows mode. Is this what you wanted?

All processes killed

========== OTL ==========

Prefs.js: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor=" removed from keyword.URL

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: THEREALBIGYO

->Temp folder emptied: 31342 bytes

->Temporary Internet Files folder emptied: 421781 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 27015401 bytes

->Google Chrome cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.26 mb

OTL by OldTimer - Version 3.0.6.5 log created on 07112009_150615

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 7/11/2009 3:10:56 PM - Run 4

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\THEREALBIGYO\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.60% Memory free

3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.53% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 61.64 Gb Total Space | 14.63 Gb Free Space | 23.73% Space Free | Partition Type: NTFS

Drive D: | 11.86 Gb Total Space | 0.12 Gb Free Space | 1.01% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C

Current User Name: THEREALBIGYO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 7 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()

PRC - C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (gupdate1c9b02c15e611be [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found

IE - URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found

IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: "AIM Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.param.tsoxprid: ""

FF - prefs.js..browser.search.param.tsoxtbid: "C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS"

FF - prefs.js..browser.search.selectedEngine: "AIM Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.myspace.com "

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.06.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 00:45:55 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 01:56:33 | 00,000,000 | ---D | M]

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/10 12:32:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2009/02/28 17:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/06/21 01:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/03/28 23:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\[email protected]

[2009/06/21 01:57:02 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\aim-search.xml

[2009/07/11 15:08:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/06/13 00:50:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/02/20 16:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2009/02/20 12:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/02/28 16:47:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/04/09 01:46:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/13 00:50:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/06/13 00:50:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/09/26 09:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll

[2009/06/13 00:50:06 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

[2009/04/22 22:44:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/04/22 22:44:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/01 19:57:48 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009/04/22 22:44:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/04/22 22:44:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/04/22 22:44:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/22 22:44:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] File not found

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [bitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 7 Days ==========

[2009/07/11 15:07:10 | 21,455,05280 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/09 18:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\My Documents\Sociology 1

[2009/07/09 18:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Application Data\Malwarebytes

[2009/07/09 18:23:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/09 18:23:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/09 18:23:40 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/09 18:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/09 18:23:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/09 18:23:04 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\mbam-setup.exe

[2009/07/09 18:20:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/07/09 02:30:46 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2009/07/08 20:01:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/07/08 19:47:01 | 00,000,209 | ---- | C] () -- C:\Boot.bak

[2009/07/08 19:46:55 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/07/08 19:46:54 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/07/08 19:45:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/07/08 19:45:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/07/08 19:45:05 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/07/08 19:45:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/07/08 19:45:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/07/08 19:45:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/07/08 19:45:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/07/08 19:45:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/07/08 19:44:59 | 00,000,000 | --SD | C] -- C:\ComboFixNew

[2009/07/08 19:41:23 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/07/08 19:41:08 | 03,047,032 | R--- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ComboFixNew.exe

[2009/07/08 19:23:05 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/07/07 19:48:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:35:06 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/07/07 19:34:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/07/07 19:11:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/07/07 19:09:42 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/06 22:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\AIM Toolbar

[2009/07/04 23:41:01 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 22:10:53 | 39,647,808 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 21:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

========== Files - Modified Within 7 Days ==========

[2049/12/31 16:00:00 | 01,403,212 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\scan.pdf

[2049/12/31 16:00:00 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\HSZ Customer Consent Form.doc

[2009/07/11 15:08:35 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/11 15:08:03 | 00,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin

[2009/07/11 15:07:55 | 00,001,137 | -HS- | M] () -- C:\hpqp.ini

[2009/07/11 15:07:53 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini

[2009/07/11 15:07:52 | 00,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/07/11 15:07:42 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/07/11 15:07:15 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/07/11 15:07:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/07/11 15:07:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/07/11 15:07:10 | 21,455,05280 | -HS- | M] () -- C:\hiberfil.sys

[2009/07/10 19:22:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/07/10 01:43:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/07/10 01:06:29 | 00,009,834 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\wklnhst.dat

[2009/07/09 23:17:07 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/07/09 18:23:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/07/09 18:23:23 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\mbam-setup.exe

[2009/07/09 10:18:49 | 00,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/07/09 02:30:26 | 04,842,354 | -H-- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\IconCache.db

[2009/07/08 20:01:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/07/08 19:47:01 | 00,000,279 | RHS- | M] () -- C:\boot.ini

[2009/07/08 19:41:08 | 03,047,032 | R--- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ComboFixNew.exe

[2009/07/07 19:48:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:34:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:11:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:09:44 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:54:01 | 00,000,209 | ---- | M] () -- C:\Boot.bak

[2009/07/06 21:44:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/05 00:45:33 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 23:06:45 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/04 22:15:02 | 39,647,808 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 19:35:54 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52

< End of report >


Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here.
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

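An added example, not part of the helper's post above and not a tool it mentions: a PowerShell script that audits the three Internet-zone ActiveX settings the "Make Internet Explorer more secure" steps change, by reading the registry values Internet Explorer keeps for them, and optionally applies the recommended values. The registry layout is Microsoft's documented one for IE security zones (zone 3 is the Internet zone; action ids 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls, 1201 = initialize and script ActiveX controls not marked as safe; DWORD 0 = Enable, 1 = Prompt, 3 = Disable). The function names and the -Fix switch are this example's own.

```powershell
# Added example (not from the original post): audit the Internet Explorer Internet-zone
# ActiveX settings that the post's "Make Internet Explorer more secure" steps change.
# Registry layout as documented by Microsoft for IE security zones: zone 3 = Internet,
# per-action DWORD values 0 = Enable, 1 = Prompt, 3 = Disable. Run as the user whose
# IE settings you are checking; add -Fix to write the recommended values.
param([switch]$Fix)

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Labels  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action id -> description and recommended value: the three settings named in the post
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                         Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                       Want = 1 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Get-ZoneActionLabel([int]$Value) {
    # Human-readable name for a zone action value; anything else is reported verbatim
    if ($Labels.ContainsKey($Value)) { return $Labels[$Value] }
    return "unknown value $Value"
}

function Test-InternetZoneActiveX {
    # One record per setting: current value, recommended value, and whether they match
    $props = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    foreach ($r in $Recommended) {
        $have = $props.($r.Id)
        if ($null -eq $have) {
            $current   = 'not set (zone default)'
            $compliant = $false
        }
        else {
            $current   = Get-ZoneActionLabel ([int]$have)
            $compliant = ([int]$have -eq $r.Want)
        }
        [pscustomobject]@{
            Id          = $r.Id
            Setting     = $r.Name
            Current     = $current
            Recommended = Get-ZoneActionLabel $r.Want
            Compliant   = $compliant
        }
    }
}

$results = Test-InternetZoneActiveX
$results | Format-Table -AutoSize

$weak = @($results | Where-Object { -not $_.Compliant })
if ($weak.Count -eq 0) {
    'All three ActiveX settings already match the recommended values.'
}
elseif ($Fix) {
    foreach ($w in $weak) {
        $want = ($Recommended | Where-Object { $_.Id -eq $w.Id }).Want
        Set-ItemProperty -Path $ZoneKey -Name $w.Id -Value $want -Type DWord
    }
    $ids = ($weak | ForEach-Object { $_.Id }) -join ', '
    "Applied recommended values for: $ids. Restart Internet Explorer for them to take effect."
}
else {
    "{0} setting(s) weaker than recommended; rerun with -Fix to apply the recommended values." -f $weak.Count
}
```

Two caveats when reading the output. The script looks only at the current user's Internet zone, so it does not reproduce the "Reset all zones to default level" step, and where zone settings are controlled by policy (values under the Policies hive, or HKLM when the machine is set to use per-machine zones) the HKCU values shown here are not the ones Internet Explorer applies.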

OH MAN! MY COMPUTER IS HEALTHY AGAIN THANK YOU SOOOO MUCH! I WAS AVOIDING CHECKING MY CREDIT CARD BILLS ON THIS COMPUTER AND BUYING STUFF BUT NOW I CAN BECAUSE YOU GUYS ROCK! THANKS :) I'M POOR NOW BUT WHEN I GET MONEY I WILL TOTALLY DONATE MONEY TO U GUYS. :) THANKS AGAIN!
