REMIX_23 Posted January 13, 2010

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:23 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217701261046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217703813921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6487 bytes
Rorschach112 Posted January 13, 2010

Hi and welcome to BestTechie! I'll be assisting you to clean up your computer. The first thing I need you to do is follow the steps in this thread. Make sure you go through all of the procedures, and post back here with the logs you get back.
REMIX_23 Posted January 15, 2010

Rooter Scan

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 2 Stepping 9, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[sharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.6 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:143 Go - Free:48 Go )
D:\ [CD_Rom]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Fixed-FAT32] .. ( Total:5 Go - Free:0 Go )
I:\ [CD_Rom]
J:\ [Removable]
.
Scan : 19:47.59
Path : C:\Documents and Settings\Me\My Documents\Downloads\Rooter.exe
User : Me ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (648)
______ \??\C:\WINDOWS\system32\csrss.exe (716)
______ \??\C:\WINDOWS\system32\winlogon.exe (748)
______ C:\WINDOWS\system32\services.exe (792)
______ C:\WINDOWS\system32\lsass.exe (804)
______ C:\WINDOWS\system32\Ati2evxx.exe (996)
______ C:\WINDOWS\system32\svchost.exe (1012)
______ C:\WINDOWS\system32\svchost.exe (1092)
______ C:\WINDOWS\System32\svchost.exe (1188)
______ C:\WINDOWS\System32\svchost.exe (1300)
______ C:\WINDOWS\System32\svchost.exe (1356)
______ C:\WINDOWS\system32\spoolsv.exe (1576)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (1652)
______ C:\WINDOWS\System32\svchost.exe (1848)
______ C:\WINDOWS\system32\Ati2evxx.exe (1928)
______ C:\WINDOWS\Explorer.EXE (184)
______ C:\WINDOWS\LTMSG.exe (544)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (556)
______ C:\WINDOWS\system32\ctfmon.exe (564)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (576)
______ C:\Program Files\a-squared Free\a2service.exe (1168)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1412)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1500)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1464)
______ C:\WINDOWS\System32\svchost.exe (1804)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1892)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1924)
______ C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (2344)
______ C:\WINDOWS\System32\svchost.exe (2420)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2496)
______ C:\Program Files\Windows Media Player\WMPNetwk.exe (2660)
______ C:\WINDOWS\System32\alg.exe (3464)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2576)
______ C:\Documents and Settings\Me\My Documents\Downloads\Rooter.exe (428)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:5581545984)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5581578240 | Length:154449469440)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{D98A241E-6982-45E0-80AF-5F153E9F6DBA}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:48.24
.
C:\Rooter$\Rooter_1.txt - (13/01/2010 | 19:48.24)

Locksearch

LockSearch by jpshortstuff (05.11.09.1)
Log created at 19:50 on 13/01/2010 (Me)
Scanning C:\
C:\pagefile.sys
-------------------------
C:\WINDOWS\system32\drivers\sptd.sys
-------------------------
C:\WINDOWS\system32\drivers\sptd.sys [unable to get md5 : 721904 bytes]
-=E.O.F=-

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\helpassistant.adrian\application data\macromedia\flash player\#sharedobjects\r4rmugxs\crackle.com\cracklesettings.sol
c:\documents and settings\helpassistant.adrian\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\me\application data\macromedia\flash player\#sharedobjects\r4rmugxs\crackle.com\cracklesettings.sol
c:\documents and settings\me\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.IJ.11
----- EOF -----

GMER Rootkit won't even scan, it just brings me to a blue screen saying something failed.

OTL logfile created on: 1/14/2010 11:37:39 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Me\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.84 Gb Total Space | 48.79 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 5.19 Gb Total Space | 0.90 Gb Free Space | 17.42% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive K: | 489.73 Mb Total Space | 377.29 Mb Free Space | 77.04% Space Free | Partition Type: FAT

Computer Name: ADRIAN
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========
PRC - [2010/01/13 19:27:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\My Documents\Downloads\OTL.exe
PRC - [2009/12/21 22:37:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/08/05 11:48:32 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/09 17:07:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 16:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/02/21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/19 04:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006/02/19 03:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/07/14 09:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe

========== Modules (SafeList) ==========
MOD - [2010/01/13 19:27:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/21 22:37:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/11/13 19:11:48 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 11:48:32 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/09 17:07:18 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/26 16:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/11/03 06:42:11 | 00,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/02 12:04:39 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2008/05/29 09:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/02/21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

========== Driver Services (SafeList) ==========
DRV - [2009/12/07 18:24:24 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/07 21:14:55 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/09 17:07:18 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/14 12:36:50 | 00,029,584 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/26 16:13:41 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 16:13:39 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/10/30 22:30:12 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/02/25 11:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/04/12 18:04:39 | 00,049,664 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 18:04:39 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 18:04:39 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/02/21 19:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/01 09:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/04 09:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/12/12 18:03:10 | 00,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/23 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 19:38:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 19:38:13 | 00,000,000 | ---D | M]
[2009/09/10 20:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2009/09/06 13:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions\[email protected]
[2010/01/13 22:45:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hq8lf8g6.default\extensions
[2009/09/10 20:34:46 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hq8lf8g6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/13 22:45:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (898 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217701261046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217703813921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/02 12:07:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 00,000,045 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ff5500cb-6088-11dd-a8fa-806d6172696f}\Shell\AutoRun\command - "" = H:\Info.exe -- [2002/09/10 21:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Info.exe -- [2002/09/10 21:54:58 | 00,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/02 12:07:37 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)

MsConfig - StartUpReg: Ad-Watch - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PC Pitstop Optimize Scheduler - hkey= - key= - C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: termservice - C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:
{4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUserActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICWActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET FrameworkActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web FoldersActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /installActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettingsActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,InstallActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET FrameworkActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET FrameworkActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task SchedulerActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash PlayerActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - 
RootsUpdateActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exeActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfigActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUPActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUPActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOEDrivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()CREATERESTOREPOINTRestore point Set: OTL Restore Point (16892003295952896)========== Files/Folders - Created Within 30 Days ==========[2010/01/13 19:48:24 | 00,000,000 | ---D | C] -- C:\Rooter$[2010/01/12 21:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010/01/12 16:19:47 | 00,471,552 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\aclayers.dll[2010/01/10 23:28:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Malwarebytes[2010/01/10 23:28:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/01/10 23:28:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2010/01/10 23:28:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/01/10 23:28:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010/01/10 23:22:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\a-squared Free[2010/01/10 18:56:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared[2009/02/15 21:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google[2008/11/02 14:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2008/10/30 22:30:12 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Me\Application Data\pcouffin.sys[2008/09/23 13:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple[2008/08/03 12:27:17 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2008/08/03 12:27:17 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2008/08/02 12:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/01/14 23:36:32 | 00,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D98A241E-6982-45E0-80AF-5F153E9F6DBA}.job[2010/01/14 23:36:29 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Me\My 
Documents\Rooter Scan.doc[2010/01/14 23:17:41 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/01/14 23:17:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/01/14 23:17:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/01/14 19:43:31 | 04,980,736 | ---- | M] () -- C:\Documents and Settings\Me\NTUSER.DAT[2010/01/13 22:58:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Me\ntuser.ini[2010/01/12 22:07:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk[2010/01/12 21:04:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2010/01/11 20:09:19 | 00,002,198 | ---- | M] () -- C:\Documents and Settings\Me\Ahmbed.gz[2010/01/10 19:38:16 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/01/01 02:32:32 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2010/01/13 20:31:11 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Rooter Scan.doc[2010/01/11 19:56:31 | 00,002,198 | ---- | C] () -- C:\Documents and Settings\Me\Ahmbed.gz[2009/10/29 17:28:28 | 00,000,171 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\default.rss[2009/10/28 23:33:18 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini[2009/09/07 21:14:54 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2009/03/02 21:11:17 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll[2009/02/11 09:04:05 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI[2008/12/22 00:40:11 | 00,008,704 | 
---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL[2008/12/07 19:41:49 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\winscp.rnd[2008/10/30 22:30:55 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\vso_ts_preview.xml[2008/10/30 22:30:25 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.log[2008/10/30 22:30:12 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\inst.exe[2008/10/30 22:30:12 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.cat[2008/10/30 22:30:12 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.inf[2008/08/23 06:43:13 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2008/08/23 06:43:13 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2008/08/23 06:39:59 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2008/08/23 06:39:59 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2008/08/21 09:36:20 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini[2008/08/20 12:24:34 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2008/08/20 12:24:34 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini[2008/08/05 23:29:50 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log[2008/08/05 23:26:42 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll[2008/08/03 09:08:25 | 00,040,448 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2009/12/04 07:00:06 | 00,017,890 | ---- | M] () -- C:\aaw7boot.log[2008/08/02 12:07:59 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[2009/12/06 22:23:24 | 00,000,211 | RHS- | M] () -- C:\boot.ini[2008/08/02 12:07:59 | 
00,000,000 | ---- | M] () -- C:\CONFIG.SYS[2008/08/02 12:07:59 | 00,000,000 | RHS- | M] () -- C:\IO.SYS[2008/08/02 14:58:09 | 00,000,364 | -H-- | M] () -- C:\IPH.PH[2008/08/02 12:07:59 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2008/08/02 12:41:18 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2008/08/02 13:40:28 | 00,250,048 | RHS- | M] () -- C:\ntldr[2010/01/14 23:17:08 | 80,530,6368 | -HS- | M] () -- C:\pagefile.sys[2009/03/02 22:22:50 | 00,000,056 | -HS- | M] () -- C:\redir.sys< MD5 for: AGP440.SYS >[2008/08/02 12:38:31 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys[2008/08/02 13:36:54 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys[2008/08/02 12:38:31 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys[2008/08/02 13:36:54 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS< MD5 for: ATAPI.SYS >[2008/08/02 12:38:31 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys[2008/08/02 13:36:54 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys[2008/08/02 12:38:31 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys[2008/08/02 13:36:54 | 23,852,652 | ---- | M] () .cab file 
-- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys< MD5 for: EVENTLOG.DLL >[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll< MD5 for: NETLOGON.DLL >[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll< MD5 for: SCECLI.DLL >[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll< %systemroot%\system32\*.dll /lockedfiles >[1 
C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]< %systemroot%\Tasks\*.job /lockedfiles >< %systemroot%\*. /mp /s >< %PROGRAMFILES%\*. >[2010/01/11 00:27:38 | 00,000,000 | ---D | M] -- C:\Program Files\a-squared Free[2010/01/11 20:14:09 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe[2008/08/02 14:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\AIM6[2009/09/07 21:19:45 | 00,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft[2009/10/07 20:01:15 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update[2009/04/18 15:55:12 | 00,000,000 | ---D | M] -- C:\Program Files\att-prt22[2009/04/18 15:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\ATT-PRT22-WISE[2008/08/03 12:28:21 | 00,000,000 | ---D | M] -- C:\Program Files\AVG[2009/05/16 17:15:08 | 00,000,000 | ---D | M] -- C:\Program Files\Avira[2009/04/14 15:56:29 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour[2008/08/22 08:45:15 | 00,000,000 | ---D | M] -- C:\Program Files\CleanUp![2010/01/10 18:56:07 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files[2008/08/02 12:05:19 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications[2009/07/01 10:11:40 | 00,000,000 | ---D | M] -- C:\Program Files\Coupons[2009/03/15 18:05:20 | 00,000,000 | ---D | M] -- C:\Program Files\DigiDNA[2008/08/23 06:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\DivX[2009/07/08 10:49:15 | 00,000,000 | ---D | M] -- C:\Program Files\Electronic Arts[2008/11/25 20:43:05 | 00,000,000 | ---D | M] -- C:\Program Files\eMule[2008/08/03 11:33:08 | 00,000,000 | ---D | M] -- C:\Program Files\ESET[2008/09/18 21:08:55 | 00,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0[2009/08/23 18:12:39 | 00,000,000 | ---D | M] -- C:\Program Files\Google[2009/02/14 12:28:56 | 00,000,000 | ---D | M] -- C:\Program Files\Greatis[2008/08/06 08:06:39 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard[2008/08/06 08:08:42 | 00,000,000 | ---D | M] -- C:\Program Files\HP[2009/07/08 10:49:15 | 00,000,000 | -H-D | M] -- 
C:\Program Files\InstallShield Installation Information[2009/12/09 18:13:04 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer[2009/10/10 11:18:05 | 00,000,000 | ---D | M] -- C:\Program Files\iPod[2009/10/10 11:18:57 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes[2009/08/04 22:27:00 | 00,000,000 | ---D | M] -- C:\Program Files\Java[2008/08/20 12:24:34 | 00,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack[2009/12/07 19:19:20 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft[2009/09/06 13:19:25 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire[2010/01/10 23:28:31 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware[2008/08/14 20:26:36 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger[2008/08/03 11:04:05 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2[2008/08/02 12:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage[2008/08/03 09:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office[2009/09/10 20:01:13 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight[2008/08/03 09:44:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio[2008/08/03 09:41:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8[2009/11/10 07:08:42 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works[2009/07/01 13:01:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE[2008/08/03 09:43:59 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET[2008/08/02 13:44:50 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker[2010/01/13 19:50:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox[2009/07/14 23:34:47 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild[2008/08/02 12:05:09 | 00,000,000 | ---D | M] -- C:\Program Files\MSN[2008/08/02 12:04:56 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone[2008/08/06 21:49:20 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0[2008/11/08 18:44:13 | 
00,000,000 | ---D | M] -- C:\Program Files\NCH Software[2008/11/08 18:35:32 | 00,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound[2009/10/29 18:13:53 | 00,000,000 | ---D | M] -- C:\Program Files\Nero[2008/08/02 13:42:16 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting[2008/08/02 12:06:55 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services[2009/08/15 11:36:59 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express[2008/08/03 10:29:52 | 00,000,000 | ---D | M] -- C:\Program Files\PCPitstop[2009/09/09 18:42:13 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime[2009/08/27 21:21:37 | 00,000,000 | ---D | M] -- C:\Program Files\RADVideo[2009/07/14 23:34:36 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies[2008/11/02 14:35:09 | 00,000,000 | ---D | M] -- C:\Program Files\RegCleaner[2009/07/01 10:38:36 | 00,000,000 | ---D | M] -- C:\Program Files\Sonic[2009/09/10 20:17:44 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy[2010/01/10 19:58:12 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster[2009/09/01 19:28:56 | 00,000,000 | ---D | M] -- C:\Program Files\TI Education[2010/01/12 21:20:56 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro[2008/11/03 06:42:03 | 00,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2008[2009/07/14 23:58:52 | 00,000,000 | ---D | M] -- C:\Program Files\Uniblue[2008/08/02 12:14:18 | 00,000,000 | ---D | M] -- C:\Program Files\Uninstall Information[2008/08/03 10:05:45 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent[2008/10/30 22:30:01 | 00,000,000 | ---D | M] -- C:\Program Files\VSO[2009/08/27 21:48:01 | 00,000,000 | ---D | M] -- C:\Program Files\WinAVI Video Converter[2008/08/02 14:19:22 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search[2008/08/02 14:05:23 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2[2008/08/02 14:05:22 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player[2008/08/02 13:42:13 | 
00,000,000 | ---D | M] -- C:\Program Files\Windows NT[2008/08/02 12:21:25 | 00,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate[2008/08/17 10:30:39 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR[2009/07/17 15:22:47 | 00,000,000 | ---D | M] -- C:\Program Files\WinSCP[2008/08/02 12:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\xerox[2009/10/28 17:16:29 | 00,000,000 | ---D | M] -- C:\Program Files\Xilisoft[2008/08/23 06:43:13 | 00,000,000 | ---D | M] -- C:\Program Files\Xvid< %userprofile%\Desktop\*.* >[2009/09/06 13:19:25 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\LimeWire PRO.lnk< %userprofile%\Desktop\*. >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-13 03:07:05========== Alternate Data Streams ==========@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34< End of report >OTL Extras logfile created on: 1/14/2010 11:37:39 PM - Run 1OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Me\My Documents\DownloadsWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy767.00 Mb Total Physical Memory | 379.00 Mb Available Physical Memory | 49.00% Memory free1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 143.84 Gb Total Space | 48.79 Gb Free Space | 33.92% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not 
present or media not loadedDrive H: | 5.19 Gb Total Space | 0.90 Gb Free Space | 17.42% Space Free | Partition Type: FAT32I: Drive not present or media not loadedDrive K: | 489.73 Mb Total Space | 377.29 Mb Free Space | 77.04% Space Free | Partition Type: FATComputer Name: ADRIANCurrent User Name: MeLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory 
[find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusOverride" = 0"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"65533:TCP" = 65533:TCP:*:Enabled:Services"52344:TCP" = 52344:TCP:*:Enabled:Services"2479:TCP" = 2479:TCP:*:Enabled:Services"3246:TCP" = 3246:TCP:*:Enabled:Services"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10283:UDP" = 
10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4"65533:TCP" = 65533:TCP:*:Enabled:Services"52344:TCP" = 52344:TCP:*:Enabled:Services"2479:TCP" = 2479:TCP:*:Enabled:Services"3246:TCP" = 3246:TCP:*:Enabled:Services"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program 
Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program 
Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 15"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP 
Panels CS4"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008"{62369F2F77534556AEF4C58152E3BDE5}" = "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge 
CS4"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc"{8ADC27DB-E2C8-446C-A576-166C05C2DD24}" = "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 
(SP2)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 
2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update"{BB8B979E-E336-47E7-96BC-1031C1B94561}" = "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language 
CS4"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All"AddressBook" = "Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"AIM_6" = AIM 6"AOL Diagnostics_N" = "AOLOCP_Y" = "a-squared Free_is1" = a-squared Free 4.5"ATI Display Driver" = ATI Display Driver"ATT-PRT22" = ATT-PRT22"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus"Branding" = "CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600"CleanUp!" 
= CleanUp!"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com"Connection Manager" = "DirectAnimation" = "DirectDrawEx" = "DiskAid_is1" = DiskAid 2.12"DXM_Runtime" = "ENTERPRISE" = Microsoft Office Enterprise 2007"ffdshow_is1" = ffdshow [rev 2073] [2008-08-11]"Fontcore" = "HijackThis" = HijackThis 2.0.2"HP Imaging Device Functions" = HP Imaging Device Functions 7.0"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0"HPExtendedCapabilities" = HP Customer Participation Program 7.0"HPOCR" = OCR Software by I.R.I.S 7.0"ICW" = "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"IE40" = "IE4Data" = "IE5BAKEX" = "ie8" = Windows Internet Explorer 8"IEData" = "InstallShield Uninstall Information" = "KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)"LimeWire" = LimeWire PRO 5.2.13"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft NetShow Player 2.0" = "MobileOptionPack" = "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"MSI30a-KB884016" = "MSI30-Beta1" = "MSI30-Beta2" = "MSI30-KB884016" = "MSI30-RC1" = "MSI30-RC2" = "MSI31-Beta" = "MSI31-RC1" = "NetMeeting" = "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"OutlookExpress" = "PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5"PCHealth" = "RADVideo" = RAD Video Tools"SchedulingAgent" = "Shockwave" = "SpywareBlaster_is1" = SpywareBlaster 4.2"Viewpoint Manager" = "WavePad" = WavePad Uninstall"WIC" = "Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WinGimp-2.0_is1" = GIMP 2.4.7"WinRAR archiver" = WinRAR archiver"winscp3_is1" = WinSCP 4.2.2 beta"WMCSetup" = "WMFDist11" = Windows Media Format 11 
runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"Xilisoft DVD Creator" = Xilisoft DVD Creator"Xvid_is1" = Xvid 1.1.3 final uninstall========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Molecular Workbench V2.0" = Molecular Workbench V2.0"uTorrent" = µTorrent========== Last 10 Event Log Errors ==========[ Application Events ]Error - 12/5/2009 8:12:06 PM | Computer Name = ADRIAN | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 12/7/2009 12:09:12 AM | Computer Name = ADRIAN | Source = Application Hang | ID = 1002Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 12/19/2009 11:54:16 AM | Computer Name = ADRIAN | Source = Application Error | ID = 1000Description = Faulting application firefox.exe, version 1.9.1.3622, faulting module npswf32.dll, version 10.0.32.18, fault address 0x0004f2df.Error - 12/22/2009 12:00:09 PM | Computer Name = ADRIAN | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x000012b0.Error - 12/23/2009 12:27:33 AM | Computer Name = ADRIAN | Source = Application Error | ID = 1000Description = Faulting application hpqtra08.exe, version 70.0.170.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00010b2c.Error - 1/10/2010 9:03:20 PM | Computer Name = ADRIAN | Source = Avira AntiVir | ID = 4110Description = An unknown error occurred during init of the engine! Returned error code: 0x35Error - 1/10/2010 9:22:34 PM | Computer Name = ADRIAN | Source = Avira AntiVir | ID = 4110Description = An unknown error occurred during init of the engine! 
Returned error code: 0x35Error - 1/10/2010 9:40:21 PM | Computer Name = ADRIAN | Source = Application Error | ID = 1000Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module unknown, version 0.0.0.0, fault address 0x71356800.Error - 1/12/2010 10:55:42 PM | Computer Name = ADRIAN | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 1/13/2010 10:35:09 PM | Computer Name = ADRIAN | Source = Application Hang | ID = 1002Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp, version 0.0.0.0, hang address 0x00000000.[ System Events ]Error - 1/10/2010 1:59:32 AM | Computer Name = ADRIAN | Source = Service Control Manager | ID = 7000Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: %%3Error - 1/10/2010 2:08:47 AM | Computer Name = ADRIAN | Source = MRxSmb | ID = 8003Description = The master browser has received a server announcement from the computer FEMOCA-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A963EB6A-762D-. The master browser is stopping or an election is being forced.Error - 1/10/2010 2:33:29 PM | Computer Name = ADRIAN | Source = MRxSmb | ID = 8003Description = The master browser has received a server announcement from the computer FEMOCA-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A963EB6A-762D-. 
The master browser is stopping or an election is being forced.
Error - 1/10/2010 2:39:39 PM | Computer Name = ADRIAN | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: %%3
Error - 1/10/2010 2:45:28 PM | Computer Name = ADRIAN | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer FEMOCA-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A963EB6A-762D-. The master browser is stopping or an election is being forced.
Error - 1/10/2010 3:13:58 PM | Computer Name = ADRIAN | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: %%3
Error - 1/10/2010 3:21:26 PM | Computer Name = ADRIAN | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer FEMOCA-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A963EB6A-762D-. The master browser is stopping or an election is being forced.
Error - 1/10/2010 4:21:31 PM | Computer Name = ADRIAN | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer FEMOCA-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A963EB6A-762D-. The master browser is stopping or an election is being forced.
Error - 1/13/2010 5:04:15 PM | Computer Name = ADRIAN | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: %%3
Error - 1/14/2010 8:02:00 PM | Computer Name = ADRIAN | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: %%3
< End of report >
REMIX_23 Posted January 17, 2010

Please help, anyone? It's real bad.