Another mbam/Security tool problem

[mattyink]

Hi guys, unfortunately I'm another one of those unlucky people who got infected.

I've been reading a lot on it today and just now was checking this out since it's mentioned here.

http://www.bleepingcomputer.com/virus-remo...e-security-tool

I didn't do step 1-9 because as of right now i can use my PC ( almost) like normal.

Sorry that my post might be long but I'd rather give more info then not enough just in case.

What i did is that i was able on boot up to open my task manager and shut down the 8digitnumber.exe

Following instructions on another website i located 2 files in ..document&setting/applicationdata... and deleted them there.

Unfortunately i wasn't able to locate the registry keys though.

I was able to update and run A-square and it found quit a few problems but none that sounded like Security tool( what has my wife been doing to my pc haha)

Now when i load windows ( XP SP2 btw) i get this : error loading windows\anajosob.dll A-square found a high treat regarding a file name like that.

I realize that might be another problem for another day but I'd figure i throw it in there anyways.

Even though i can use my PC i still cannot do a safe boot or a system restore, it fails every single time. I get weird redirects when on firefox.

So i downloaded malwarebytes and updated it but every time i start a scan it disappear right away.

There is a similar thread i know but since i might need to post a scan report or something i figured might as well have my own thread.

Sorry if this was inappropriate.

So where to start? Should i get Win32kdiag.exe and post the report here?

Thanks in advance there seem to be good support here by the people at Malwarebytes

[chamber]

Hi,

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

[mattyink]

Thanks for the quick reply, nice service here.

Here is the exehelper report

exehelperlog.txt

As for combofix, i got a message that it detected the presence of rootkit activity and needed to reboot.

After reboot and installation i click yes for the Microsoft recovery console and got this message:

Boot partition can't be enumerated correctly.

I click yes when prompt anyways and here is the log but it says at the start:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

log.txt

Nothing was running like firewalls or spyware programs so not sure what happened.

I will retry in the meantime and post the log if anything.

Thanks a lot for the help

[chamber]

Hi,

In the future can you copy and paste the logs into the thread, it makes it a lot easier to work on them.

1) CFScript

Open notepad and copy/paste the text in the quotebox below into it:

http://www.malwarebytes.org/forums/index.php?showtopic=28552

Collect::
c:\windows\win32k.sys
c:\windows\Uduxevafi.bin
c:\windows\Hmekujuzese.dat
c:\windows\system32\drivers\WT6563F.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\limewire\\LimeWire.exe"=-
"c:\\Program Files\\Vuze\\Azureus.exe"=-

Folder::
c:\documents and settings\Mattyink\Application Data\LimeWire
c:\documents and settings\Mattyink\Application Data\Azureus

KILLALL::

Save this as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

• Ensure you are connected to the internet and click OK on the message box.
  

2) Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

3) OTL

• Download OTL to your desktop.
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    

In your reply I would like to see copied and pasted,

1) ComboFix log

2) Malwarebytes log

3) OTL logs

[mattyink]

OK here are the logs you asked me.

I still got the "Boot partition cannot be enumerated correctly " message.

Was able to run malwarebytes but weirdly it found nothing.

I should mention that right after saving the CFScript.txt to my desktop System tool took over again.

I was able to right away open task manager and stop it. Went and deleted the files in application data.

Deleted the entry in registry current user/software/nnnnnnnn

But i can't never find the one that's supposed to be in local_machine/microsoft/windows/currentversin/uninstall

ComboFix 09-10-22.01 - Mattyink 10/23/2009 15:30.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1598 [GMT -4:00]

Running from: c:\documents and settings\Mattyink\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mattyink\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

file zipped: c:\windows\Hmekujuzese.dat

file zipped: c:\windows\system32\drivers\WT6563F.sys

file zipped: c:\windows\Uduxevafi.bin

file zipped: c:\windows\win32k.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Mattyink\Application Data\Azureus

c:\documents and settings\Mattyink\Application Data\Azureus\.certs

c:\documents and settings\Mattyink\Application Data\Azureus\.keystore

c:\documents and settings\Mattyink\Application Data\Azureus\.lock

c:\documents and settings\Mattyink\Application Data\Azureus\active\470D6BB1B29B29AC041863C588E9DBFF19F00FD1.dat

c:\documents and settings\Mattyink\Application Data\Azureus\active\68CA06270C0039373B85D3A14D6EC70827DBD0A2.dat

c:\documents and settings\Mattyink\Application Data\Azureus\active\B1FC12ED71F95B997BE835176C6C620E4FA3A556.dat

c:\documents and settings\Mattyink\Application Data\Azureus\active\cache.dat

c:\documents and settings\Mattyink\Application Data\Azureus\active\E1A06C6A0F5CF095401E38CF2844EE90160C0A25.dat

c:\documents and settings\Mattyink\Application Data\Azureus\azureus.config

c:\documents and settings\Mattyink\Application Data\Azureus\azureus.statistics

c:\documents and settings\Mattyink\Application Data\Azureus\cnetworks.config

c:\documents and settings\Mattyink\Application Data\Azureus\dht\addresses.dat

c:\documents and settings\Mattyink\Application Data\Azureus\dht\contacts.dat

c:\documents and settings\Mattyink\Application Data\Azureus\dht\diverse.dat

c:\documents and settings\Mattyink\Application Data\Azureus\dht\general.dat

c:\documents and settings\Mattyink\Application Data\Azureus\downloads.config

c:\documents and settings\Mattyink\Application Data\Azureus\friends.config

c:\documents and settings\Mattyink\Application Data\Azureus\ipfilter.cache

c:\documents and settings\Mattyink\Application Data\Azureus\logs\MetaSearch_Engine_3.txt

c:\documents and settings\Mattyink\Application Data\Azureus\logs\MetaSearch_Engine_4.txt

c:\documents and settings\Mattyink\Application Data\Azureus\logs\MetaSearch_Engine_5.txt

c:\documents and settings\Mattyink\Application Data\Azureus\logs\MetaSearch_Engine_9.txt

c:\documents and settings\Mattyink\Application Data\Azureus\metasearch.config

c:\documents and settings\Mattyink\Application Data\Azureus\net\pm_5769.dat

c:\documents and settings\Mattyink\Application Data\Azureus\net\pm_default.dat

c:\documents and settings\Mattyink\Application Data\Azureus\sidebarauto.config

c:\documents and settings\Mattyink\Application Data\Azureus\tables.config

c:\documents and settings\Mattyink\Application Data\Azureus\tmp\AZU5125.tmp\patch.jar

c:\documents and settings\Mattyink\Application Data\Azureus\torrents\AZU18358.tmp

c:\documents and settings\Mattyink\Application Data\Azureus\torrents\AZU18361.tmp

c:\documents and settings\Mattyink\Application Data\Azureus\torrents\AZU22960.tmp

c:\documents and settings\Mattyink\Application Data\Azureus\torrents\AZU5126.tmp

c:\documents and settings\Mattyink\Application Data\Azureus\torrents\AZU51467.tmp

c:\documents and settings\Mattyink\Application Data\Azureus\torrents\AZU6245.tmp

c:\documents and settings\Mattyink\Application Data\Azureus\torrents\AZU7126.tmp

c:\documents and settings\Mattyink\Application Data\Azureus\tracker.config

c:\documents and settings\Mattyink\Application Data\Azureus\unsentdata.config

c:\documents and settings\Mattyink\Application Data\Azureus\update.properties

c:\documents and settings\Mattyink\Application Data\Azureus\v3.Friends.dat

c:\documents and settings\Mattyink\Application Data\Azureus\VuzeActivities.config

c:\documents and settings\Mattyink\Application Data\LimeWire

c:\documents and settings\Mattyink\Application Data\LimeWire\.AppSpecialShare\metastasis_patched.exe.torrent.bak

c:\documents and settings\Mattyink\Application Data\LimeWire\414splashfree.png

c:\documents and settings\Mattyink\Application Data\LimeWire\active.mojito

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\auth.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\caps.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\composer.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\directory.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\editor.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\find.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\intl.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\jar.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\locale.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\oji.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pippki.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\places.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\pref.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\profile.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\storage.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\update.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\widget.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\crashreporter.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\crashreporter.ini

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\dependentlibs.list

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\freebl3.chk

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\freebl3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\greprefs\all.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\js3250.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\LICENSE

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\debug.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\utils.js

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\mozctl.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\mozctlx.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\msvcr71.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\nspr4.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\nss3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\nssckbi.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\nssutil3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\platform.ini

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\plc4.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\plds4.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\README.txt

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\arrow.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\designmode.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\forms.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\grabber.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\html.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\html\folder.png

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\language.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\mathml.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\quirk.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\svg.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\ua.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\viewsource.css

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\smime3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\softokn3.chk

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\softokn3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\sqlite3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\ssl3.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\updater.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\version.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xpcom.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xpcshell.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xpidl.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xpt_link.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xul.dll

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\browser\xulrunner\xulrunner.exe

c:\documents and settings\Mattyink\Application Data\LimeWire\certificate\limewire.keystore

c:\documents and settings\Mattyink\Application Data\LimeWire\createtimes.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\downloads.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\fileurns.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\filters.props

c:\documents and settings\Mattyink\Application Data\LimeWire\gnutella.net

c:\documents and settings\Mattyink\Application Data\LimeWire\installation.props

c:\documents and settings\Mattyink\Application Data\LimeWire\library.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\library5.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\limewire.props

c:\documents and settings\Mattyink\Application Data\LimeWire\lock

c:\documents and settings\Mattyink\Application Data\LimeWire\mojito.props

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\.autoreg

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\0E6B8B2Ad01

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\75B8DBA3d01

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A89d01

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\Cache\CB7E9345d01

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\cert8.db

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\compreg.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\cookies.sqlite

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\downloads.sqlite

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\extensions.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\extensions.ini

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\history.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\key3.db

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\permissions.sqlite

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\places.sqlite-journal

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\places.sqlite

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\pluginreg.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\prefs.js

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\secmod.db

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\XPC.mfl

c:\documents and settings\Mattyink\Application Data\LimeWire\mozilla-profile\xpti.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\passive.mojito

c:\documents and settings\Mattyink\Application Data\LimeWire\player.props

c:\documents and settings\Mattyink\Application Data\LimeWire\promotion\promodb.backup

c:\documents and settings\Mattyink\Application Data\LimeWire\promotion\promodb.data

c:\documents and settings\Mattyink\Application Data\LimeWire\promotion\promodb.lck

c:\documents and settings\Mattyink\Application Data\LimeWire\promotion\promodb.properties

c:\documents and settings\Mattyink\Application Data\LimeWire\promotion\promodb.script

c:\documents and settings\Mattyink\Application Data\LimeWire\questions.props

c:\documents and settings\Mattyink\Application Data\LimeWire\responses.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\simpp.xml

c:\documents and settings\Mattyink\Application Data\LimeWire\spam.dat

c:\documents and settings\Mattyink\Application Data\LimeWire\tables.props

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme.lwtp

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\01_star.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\02_star.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\03_star.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\04_star.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\05_star.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\chat.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\forward_dn.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\forward_up.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\kill.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\kill_on.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\logo.png

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\notsearching.png

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\pause_dn.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\pause_up.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\play_dn.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\play_up.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\question.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\rewind_up.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\searching.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\splash.png

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\splashpro.png

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\stop_dn.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\stop_up.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\theme.txt

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\version.txt

c:\documents and settings\Mattyink\Application Data\LimeWire\themes\windows_theme\warning.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\ttdata.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\ttree.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\ttrees.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\ttroot.cache

c:\documents and settings\Mattyink\Application Data\LimeWire\version.xml

c:\documents and settings\Mattyink\Application Data\LimeWire\versions.props

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\data\audio.sxml2

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\data\audio.sxml3

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\data\delete_me

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\misc\application.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\misc\audio.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\misc\document.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\misc\image.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\misc\video.gif

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\schemas\application.xsd

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\schemas\audio.xsd

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\schemas\document.xsd

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\schemas\image.xsd

c:\documents and settings\Mattyink\Application Data\LimeWire\xml\schemas\video.xsd

c:\windows\Hmekujuzese.dat

c:\windows\system32\drivers\WT6563F.sys

c:\windows\Uduxevafi.bin

c:\windows\win32k.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_WT6563F

((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))

.

2009-10-22 02:37 . 2009-10-22 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-10-22 00:53 . 2009-10-22 00:53 -------- d-----w- c:\program files\Free Window Registry Repair

2009-10-22 00:47 . 2009-10-22 00:47 -------- d-----w- c:\documents and settings\Mattyink\Application Data\Malwarebytes

2009-10-21 23:12 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-21 23:12 . 2009-10-22 00:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-21 23:12 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-21 21:03 . 2009-10-21 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-18 18:35 . 2009-10-18 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2009-10-18 01:54 . 2009-10-18 01:54 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-10-18 01:54 . 2009-10-18 01:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-10-18 01:54 . 2009-10-22 01:14 -------- d-----w- c:\program files\Google

2009-09-26 15:44 . 2009-09-26 15:44 -------- d-----w- c:\windows\system32\FragFx

2009-09-26 15:44 . 2009-09-26 15:44 -------- d-----w- c:\program files\FragFX

2009-09-26 02:56 . 2009-09-26 02:56 -------- d-----w- c:\program files\MSXML 4.0

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-22 00:47 . 2006-12-15 06:31 -------- d-----w- c:\program files\a-squared Free

2009-10-22 00:28 . 2006-11-23 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-21 23:00 . 2006-11-20 04:50 26088 ----a-w- c:\documents and settings\Mattyink\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-18 01:54 . 2007-07-23 21:24 -------- d-----w- c:\program files\DivX

2009-09-28 19:58 . 2006-11-23 09:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-27 16:19 . 2009-06-06 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier

2009-09-27 15:55 . 2007-12-01 16:40 -------- d-----w- c:\program files\CCleaner

2009-09-14 23:47 . 2006-12-10 21:51 -------- d-----w- c:\documents and settings\Mattyink\Application Data\Apple Computer

2009-09-14 22:09 . 2009-09-14 22:09 -------- d-----w- c:\program files\iTunes

2009-09-14 22:09 . 2009-09-14 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-14 22:09 . 2006-12-10 21:50 -------- d-----w- c:\program files\iPod

2009-09-14 22:09 . 2008-01-02 18:54 -------- d-----w- c:\program files\Common Files\Apple

2009-09-14 22:08 . 2009-09-14 22:07 -------- d-----w- c:\program files\QuickTime

2009-09-13 13:45 . 2007-10-24 01:37 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-12 16:44 . 2009-09-12 16:41 -------- d-----w- c:\program files\Microsoft

2009-09-12 16:44 . 2009-09-12 16:44 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-09-12 16:44 . 2009-09-12 16:41 -------- d-----w- c:\program files\Windows Live

2009-09-12 16:44 . 2009-09-12 16:44 -------- d-----w- c:\program files\Microsoft Sync Framework

2009-09-12 16:43 . 2009-09-12 16:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-09-12 16:41 . 2009-09-12 16:41 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-09-12 16:37 . 2009-09-12 16:37 -------- d-----w- c:\program files\Common Files\Windows Live

2009-09-10 23:58 . 2008-02-06 00:27 -------- d-----w- c:\documents and settings\Mattyink\Application Data\U3

2009-09-04 00:00 . 2009-09-04 00:00 25760 ---ha-w- c:\windows\system32\mlfcache.dat

2009-08-06 02:48 . 2009-09-12 16:44 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-10-22_11.37.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-11-20 04:45 . 2009-10-23 19:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-11-20 04:45 . 2009-10-22 11:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-20 04:45 . 2009-10-23 19:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-11-20 04:45 . 2009-10-22 11:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-11-20 04:45 . 2009-10-23 19:40 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-10-23 18:55 . 2009-10-23 19:39 1910 c:\windows\SoftwareDistribution\EventCache\{F17DAD75-D9F7-40F4-B60B-562849CC0430}.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-10-02 21:44 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-24 593920]

"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 362496]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-02 451896]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-17 17920]

"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-17 18944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-3-5 221295]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

"UpdReg"=c:\windows\UpdReg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FlashFXP\\flashfxp.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"c:\\Program Files\\Steam\\SteamApps\\mattyink\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/8/2008 2:46 PM 460168]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/12/2009 12:44 PM 54752]

S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [1/19/2007 1:16 AM 31872]

S3 SaiH3509;SaiH3509;c:\windows\system32\drivers\SaiH3509.sys [1/14/2007 7:08 PM 176640]

S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [1/9/2007 7:16 PM 56576]

S3 SaiU3509;SaiU3509;c:\windows\system32\drivers\SaiU3509.sys [1/14/2007 7:08 PM 27264]

S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [1/9/2007 7:16 PM 19584]

.

Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

.

.

------- Supplementary Scan -------

.

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Mattyink\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\

FF - plugin: c:\documents and settings\Mattyink\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll

FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll

FF - plugin: c:\program files\Microsoft Silverlight\3.0.40624.0\npctrl.1.0.21115.0.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-60358729 - c:\docume~1\ALLUSE~1\APPLIC~1\60358729\60358729.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-23 15:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1844823847-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:7d,6c,6b,9a,34,e9,6e,a9,b4,c1,22,8a,8a,ed,77,ae,b2,da,a2,d0,c3,59,81,

4f,aa,06,35,f9,e7,53,0c,1b,e4,b4,74,8c,98,11,6d,9e,93,88,e3,0c,04,23,08,a5,\

"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1240)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\combofix\CF2700.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\program files\a-squared free\a2service.exe

c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\CTsvcCDA.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\combofix\PEV.cfxxe

.

**************************************************************************

.

Completion time: 2009-10-23 15:48 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-23 19:48

ComboFix2.txt 2009-10-22 11:41

Pre-Run: 80,690,466,816 bytes free

Post-Run: 80,615,632,896 bytes free

- - End Of File - - B9B15E2551885FD8AB346652DB6E984A

Malwarebytes log

Malwarebytes' Anti-Malware 1.41

Database version: 3019

Windows 5.1.2600 Service Pack 2

10/23/2009 3:57:19 PM

mbam-log-2009-10-23 (15-57-19).txt

Scan type: Quick Scan

Objects scanned: 94374

Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[mattyink]

OTL Extras logfile created on: 10/23/2009 4:01:58 PM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Mattyink\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.48% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 75.10 Gb Free Space | 50.39% Space Free | Partition Type: NTFS

Drive D: | 149.05 Gb Total Space | 67.52 Gb Free Space | 45.30% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MATTOS1

Current User Name: Mattyink

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

"C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe:*:Enabled:SiSoftware Sandra Professional -- (SiSoftware)

"C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional -- (SiSoftware)

"C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional -- (SiSoftware)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

"C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe:*:Enabled:SiSoftware Sandra Professional -- (SiSoftware)

"C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional -- (SiSoftware)

"C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional -- (SiSoftware)

"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)

"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()

"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)

"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()

"C:\Program Files\Steam\SteamApps\mattyink\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\mattyink\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe" = C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe:*:Enabled:GameTap Web Player -- (Metaboli)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War

"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20DEB77C-21D6-4D22-BB47-233E47613D57}" = Microsoft Games for Windows - LIVE Redistributable

"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2C77444A-EA1C-4A48-8CF1-B32A2CFC785C}" = Network Magic

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)

"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10

"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools

"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation

"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0

"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0

"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate

"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition

"{5DE1B7CF-7429-40CA-987F-6BEE09B63787}" = Prime95

"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins

"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player

"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver

"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing

"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5

"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682

"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5720C2D-331A-41CA-9417-9D628A8D1C01}" = Pure Networks Platform

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English

"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)

"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes

"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New

"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files

"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

"8198C7AC51A3DF27EC59783566CCDD4B6E6F1A1D" = Windows Driver Package - Pure Networks, Inc. Pure Networks Wireless Driver (08/24/2007 4.6.7236.0)

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"All ATI Software" = ATI - Software Uninstall Utility

"Ask Toolbar_is1" = Vuze Toolbar

"a-squared Free_is1" = a-squared Free 2.1

"ATI Display Driver" = ATI Display Driver

"AudioCS" = Creative Audio Console

"CCleaner" = CCleaner (remove only)

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"EBA03E8208F5C2C69DE38D5BAC4D99ED64267EB5" = Windows Driver Package - Pure Networks, Inc. Pure Networks Device Discovery Driver (08/24/2007 4.6.7236.0)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Fallout" = Fallout

"FlashFXP v3.2.0 (Build 1080) Scene Edition" = FlashFXP v3.2.0 (Build 1080) Scene Edition

"FragFX" = FragFX

"Fraps" = Fraps

"Free Window Registry Repair" = Free Window Registry Repair

"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War

"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10

"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3

"LimeWire" = LimeWire 5.2.13

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"MINERVA: Metastasis" = MINERVA: Metastasis

"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)

"Network MagicUninstall" = Network Magic

"NVIDIA Drivers" = NVIDIA Drivers

"OrganicArtMS" = Organic Art, Microsoft Edition

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 6.0" = RealPlayer

"SBOSB DEMO CD" = Sounds Best On Sound Blaster

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"SiSoftware Sandra Professional 2005_is1" = SiSoftware Sandra Professional 2005 (Win64/32/CE)

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20

"Steam App 220" = Half-Life 2

"Steam App 380" = Half-Life 2: Episode One

"Steam App 400" = Portal

"Steam App 420" = Half-Life 2: Episode Two

"Steam App 440" = Team Fortress 2

"SysInfo" = Creative System Information

"SystemRequirementsLab" = System Requirements Lab

"Underwater Life Screensaver_is1" = Underwater Life Screensaver 1.0

"VLC media player" = VideoLAN VLC media player 0.8.5

"Vuze" = Vuze

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

"Steam App 211" = Source SDK

"Steam App 215" = Source SDK Base

"Steam App 220" = Half-Life 2

"Steam App 320" = Half-Life 2: Deathmatch

"Steam App 340" = Half-Life 2: Lost Coast

"Steam App 7710" = Bioshock Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/8/2009 12:49:00 PM | Computer Name = MATTOS1 | Source = Application Hang | ID = 1002

Description = Hanging application iTunes.exe, version 8.2.0.23, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 12:49:30 PM | Computer Name = MATTOS1 | Source = Application Hang | ID = 1002

Description = Hanging application iTunes.exe, version 8.2.0.23, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 9/14/2009 6:08:13 PM | Computer Name = MATTOS1 | Source = Application Error | ID = 1000

Description = Faulting application itunes.exe, version 8.2.0.23, faulting module

unknown, version 0.0.0.0, fault address 0x10001040.

Error - 9/14/2009 6:10:22 PM | Computer Name = MATTOS1 | Source = MsiInstaller | ID = 10005

Description = Product: iPhone Configuration Utility -- iPhone Configuration Utility

requires the Microsoft .NET Framework 3.5 Service Pack 1.

Error - 10/20/2009 10:12:21 PM | Computer Name = MATTOS1 | Source = Application Error | ID = 1000

Description = Faulting application acrord32.exe, version 8.1.0.137, faulting module

acrord32.dll, version 8.1.4.200, fault address 0x00512636.

Error - 10/20/2009 10:12:34 PM | Computer Name = MATTOS1 | Source = Application Error | ID = 1001

Description = Fault bucket 1191113350.

Error - 10/21/2009 8:52:21 PM | Computer Name = MATTOS1 | Source = Application Error | ID = 1000

Description = Faulting application wlcomm.exe, version 14.0.8064.206, faulting module

61b0f41a.x86.dll, version 0.0.0.0, fault address 0x00005874.

Error - 10/21/2009 8:52:39 PM | Computer Name = MATTOS1 | Source = Application Error | ID = 1000

Description = Faulting application wlcomm.exe, version 14.0.8064.206, faulting module

61b0f41a.x86.dll, version 0.0.0.0, fault address 0x00005874.

Error - 10/22/2009 7:24:15 AM | Computer Name = MATTOS1 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

Error - 10/23/2009 3:29:44 PM | Computer Name = MATTOS1 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: A connection with the server could not be established

[ System Events ]

Error - 10/23/2009 3:30:01 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 10/23/2009 3:30:01 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7031

Description = The ASKService service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 10/23/2009 3:30:01 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7031

Description = The a-squared Free Service service terminated unexpectedly. It has

done this 1 time(s). The following corrective action will be taken in 0 milliseconds:

Restart the service.

Error - 10/23/2009 3:30:01 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7034

Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 10/23/2009 3:30:01 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7034

Description = The Pure Networks Platform Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 10/23/2009 3:30:01 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7034

Description = The Application Layer Gateway Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 10/23/2009 3:30:01 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7034

Description = The Print Spooler service terminated unexpectedly. It has done this

1 time(s).

Error - 10/23/2009 3:39:39 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service

to connect.

Error - 10/23/2009 3:39:46 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service

to connect.

Error - 10/23/2009 3:43:54 PM | Computer Name = MATTOS1 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ATITool

< End of report >

[mattyink]

OTL logfile created on: 10/23/2009 4:01:58 PM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Mattyink\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.48% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 75.10 Gb Free Space | 50.39% Space Free | Partition Type: NTFS

Drive D: | 149.05 Gb Total Space | 67.52 Gb Free Space | 45.30% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MATTOS1

Current User Name: Mattyink

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mattyink\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)

PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

PRC - c:\program files\a-squared free\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe ()

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

PRC - C:\windows\explorer.exe (Microsoft Corporation)

PRC - C:\windows\System32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\windows\System32\CTsvcCDA.exe (Creative Technology Ltd)

PRC - C:\windows\System32\PnkBstrA.exe ()

PRC - C:\windows\System32\wdfmgr.exe (Microsoft Corporation)

PRC - C:\windows\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (a2free [Auto | Running]) -- c:\program files\a-squared free\a2service.exe (Emsi Software GmbH)

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

SRV - (APC UPS Service [Auto | Running]) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (ASKService [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\windows\System32\Ati2evxx.exe (ATI Technologies Inc.)

SRV - (ATI Smart [Auto | Stopped]) -- C:\windows\System32\ati2sgag.exe ()

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\windows\System32\CTsvcCDA.exe (Creative Technology Ltd)

SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (helpsvc [Auto | Running]) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)

SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (PnkBstrA [Auto | Running]) -- C:\windows\System32\PnkBstrA.exe ()

SRV - (SandraDataSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe (SiSoftware)

SRV - (SandraTheSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe (SiSoftware)

SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

SRV - (UMWdf [Auto | Running]) -- C:\windows\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [system | Running]) -- C:\windows\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)

DRV - (AmdLLD [On_Demand | Running]) -- C:\windows\System32\DRIVERS\AmdLLD.sys (AMD, Inc.)

DRV - (AsIO [system | Running]) -- C:\windows\System32\drivers\AsIO.sys ()

DRV - (ati2mtag [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ATIAVAIW [On_Demand | Running]) -- C:\windows\System32\DRIVERS\atinavt2.sys (ATI Technologies Inc.)

DRV - (atksgt [Auto | Running]) -- C:\windows\System32\DRIVERS\atksgt.sys ()

DRV - (catchme [On_Demand | Running]) -- File not found

DRV - (ctac32k [On_Demand | Running]) -- C:\windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (ctaud2k [On_Demand | Running]) -- C:\windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k [On_Demand | Running]) -- C:\windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ctsfm2k [On_Demand | Running]) -- C:\windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (d347bus [boot | Running]) -- C:\windows\system32\DRIVERS\d347bus.sys ( )

DRV - (d347prt [boot | Running]) -- C:\windows\System32\Drivers\d347prt.sys ( )

DRV - (emupia [On_Demand | Running]) -- C:\windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ENTECH [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\ENTECH.sys (EnTech Taiwan)

DRV - (fssfltr [Auto | Running]) -- C:\windows\System32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (gameenum [On_Demand | Running]) -- C:\windows\System32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (ha20x2k [On_Demand | Running]) -- C:\windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV - (HidBatt [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (lirsgt [Auto | Running]) -- C:\windows\System32\DRIVERS\lirsgt.sys ()

DRV - (lusbaudio [system | Stopped]) -- C:\windows\System32\drivers\OVSound2.sys (Microsoft Corporation)

DRV - (MPE [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\MPE.sys (Microsoft Corporation)

DRV - (MTsensor [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ASACPI.sys ()

DRV - (nvata [boot | Running]) -- C:\windows\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (NVENETFD [On_Demand | Running]) -- C:\windows\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvnetbus [On_Demand | Running]) -- C:\windows\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)

DRV - (ossrv [On_Demand | Running]) -- C:\windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (pnarp [Auto | Running]) -- C:\windows\System32\DRIVERS\pnarp.sys (Pure Networks, Inc.)

DRV - (Ptilink [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (purendis [Auto | Running]) -- C:\windows\System32\DRIVERS\purendis.sys (Pure Networks, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (QCEmerald [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\OVCE.sys (Microsoft Corporation)

DRV - (SaiH3509 [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\SaiH3509.sys (Saitek)

DRV - (SaiHFF0C [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\SaiHFF0C.sys (Saitek)

DRV - (SaiNtBus [On_Demand | Stopped]) -- C:\windows\System32\drivers\SaiBus.sys (Saitek)

DRV - (SaiU3509 [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\SaiU3509.sys (Saitek)

DRV - (SaiUFF0C [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\SaiUFF0C.sys (Saitek)

DRV - (Secdrv [Auto | Running]) -- C:\windows\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SI3132 [boot | Running]) -- C:\windows\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)

DRV - (SiFilter [boot | Running]) -- C:\windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)

DRV - (WmBEnum [On_Demand | Running]) -- C:\windows\System32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (WmFilter [On_Demand | Stopped]) -- C:\windows\System32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmVirHid [On_Demand | Stopped]) -- C:\windows\System32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmXlCore [On_Demand | Running]) -- C:\windows\System32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (X4HSX32 [Auto | Running]) -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.Sys (Exent Technologies Ltd.)

DRV - (yukonwxp [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\yk51x86.sys (Marvell)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mattyink\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: GameTap@gametap.com:4.0.80.1588

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/10 12:08:34 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/17 21:54:37 | 00,000,000 | ---D | M]

[2009/02/27 21:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Extensions

[2008/09/06 19:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/02/27 21:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Extensions\mozswing@mozswing.org

[2009/10/21 20:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Firefox\Profiles\gki0vkym.default\extensions

[2009/05/30 20:25:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Firefox\Profiles\gki0vkym.default\extensions\GameTap@gametap.com

[2008/11/09 19:09:03 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Mattyink\Application Data\Mozilla\FireFox\Profiles\gki0vkym.default\searchplugins\ask.xml

[2009/10/21 20:04:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/09/11 00:48:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2007/04/12 00:04:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

[2007/08/12 21:28:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2007/10/12 14:04:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008/01/14 00:23:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

[2008/03/14 09:24:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

[2008/07/26 07:23:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/09/11 00:48:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/09/11 00:48:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll

[2008/01/03 19:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2004/11/12 23:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll

[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2007/10/19 20:54:50 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2007/02/12 15:30:16 | 00,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\mozilla firefox\plugins\npigl.dll

[2009/09/11 00:48:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2007/01/10 03:57:11 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/01/10 03:57:19 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2007/01/10 03:57:10 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2006/10/19 12:26:00 | 00,363,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll

[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll

[2008/11/17 11:11:32 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2008/11/17 11:11:32 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2008/11/17 11:11:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2008/11/17 11:11:32 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2008/11/17 11:11:32 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/06/06 15:26:29 | 00,002,383 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seekapp139.xml

[2008/11/17 11:11:32 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/04/14 17:18:30 | 00,000,789 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe ()

O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe ()

O4 - HKLM..\Run: [CTHelper] C:\windows\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\windows\System32\*.tmp files]

[3 C:\windows\*.tmp files]

[2009/10/21 21:14:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/10/21 22:37:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/10/21 17:03:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/21 20:47:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mattyink\Application Data\Malwarebytes

[2009/10/17 21:54:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2009/09/26 11:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\FragFX

[2009/10/21 20:53:51 | 00,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair

[2009/10/17 21:54:20 | 00,000,000 | ---D | C] -- C:\Program Files\Google

[2009/10/21 19:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/09/25 22:56:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2009/10/23 16:00:52 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mattyink\Desktop\OTL.exe

[2009/10/23 15:48:43 | 00,000,000 | ---D | C] -- C:\windows\temp

[2009/10/23 15:26:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2009/10/22 07:20:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe

[2009/10/22 07:20:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2009/10/22 07:20:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2009/10/22 07:19:19 | 00,000,000 | ---D | C] -- C:\windows\ERDNT

[2009/10/22 07:16:26 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/10/21 19:12:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2009/10/21 19:12:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2009/10/21 17:03:03 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mattyink\Desktop\mbam-setup.exe

[2009/10/17 21:55:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mattyink\My Documents\Downloads

[2009/09/26 11:44:15 | 00,000,000 | ---D | C] -- C:\windows\System32\FragFx

[2006/11/22 14:36:37 | 00,155,136 | ---- | C] ( ) -- C:\windows\System32\drivers\d347bus.sys

[2006/11/22 14:36:37 | 00,005,248 | ---- | C] ( ) -- C:\windows\System32\drivers\d347prt.sys

[2006/05/24 00:38:39 | 00,033,792 | ---- | C] ( ) -- C:\windows\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2 C:\windows\System32\*.tmp files]

[3 C:\windows\*.tmp files]

[2009/10/23 16:00:52 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mattyink\Desktop\OTL.exe

[2009/10/23 15:51:49 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/23 15:45:37 | 00,000,246 | ---- | M] () -- C:\windows\system.ini

[2009/10/23 15:41:36 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2009/10/23 15:41:15 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2009/10/23 15:40:48 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2009/10/23 15:40:45 | 00,060,452 | ---- | M] () -- C:\windows\System32\ativvaxx.cap

[2009/10/23 15:40:35 | 21,467,34080 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/23 15:40:01 | 00,064,900 | ---- | M] () -- C:\windows\System32\DVCState-{00000004-00000000-00000008-00001102-00000005-002C1102}.rfx

[2009/10/23 15:40:01 | 00,053,540 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000005-002C1102}.rfx

[2009/10/23 15:40:01 | 00,053,540 | ---- | M] () -- C:\windows\System32\BMXState-{00000004-00000000-00000008-00001102-00000005-002C1102}.rfx

[2009/10/23 15:40:01 | 00,001,080 | ---- | M] () -- C:\windows\System32\settingsbkup.sfm

[2009/10/23 15:40:01 | 00,001,080 | ---- | M] () -- C:\windows\System32\settings.sfm

[2009/10/23 15:25:25 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Mattyink\Desktop\ComboFix.exe

[2009/10/23 15:21:18 | 00,005,888 | ---- | M] () -- C:\windows\System32\settings.aaw

[2009/10/23 15:21:18 | 00,001,088 | ---- | M] () -- C:\windows\System32\history.aaw

[2009/10/23 14:52:55 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2009/10/22 21:49:20 | 01,574,392 | -H-- | M] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\IconCache.db

[2009/10/22 07:13:18 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\Mattyink\Desktop\exeHelper.com

[2009/10/22 06:47:34 | 00,000,080 | ---- | M] () -- C:\windows\System32\quarantine.aaw

[2009/10/21 22:40:10 | 42,558,004 | R--- | M] () -- C:\windows\System32\core.aawdef

[2009/10/21 22:38:39 | 00,000,084 | ---- | M] () -- C:\windows\System32\PubKey.key

[2009/10/21 20:41:16 | 00,000,552 | ---- | M] () -- C:\windows\win.ini

[2009/10/21 19:00:47 | 00,026,088 | ---- | M] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/10/21 18:58:10 | 00,142,032 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2009/10/21 17:03:07 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mattyink\Desktop\mbam-setup.exe

[2009/10/17 11:49:38 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/10/15 18:39:00 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job

[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\windows\PEV.exe

[2009/09/26 11:44:15 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\Mattyink\Desktop\Frag FX v.2.1.1 Tweak Utility.lnk

========== Files - No Company Name ==========

[2009/10/23 15:51:49 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/22 07:20:20 | 00,236,544 | ---- | C] () -- C:\windows\PEV.exe

[2009/10/22 07:20:20 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe

[2009/10/22 07:20:20 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe

[2009/10/22 07:20:20 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe

[2009/10/22 07:15:18 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Mattyink\Desktop\ComboFix.exe

[2009/10/22 07:13:18 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\Mattyink\Desktop\exeHelper.com

[2009/10/22 06:46:06 | 00,000,080 | ---- | C] () -- C:\windows\System32\quarantine.aaw

[2009/10/21 22:39:18 | 42,558,004 | R--- | C] () -- C:\windows\System32\core.aawdef

[2009/10/21 22:38:39 | 00,000,084 | ---- | C] () -- C:\windows\System32\PubKey.key

[2009/09/26 11:44:15 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\Mattyink\Desktop\Frag FX v.2.1.1 Tweak Utility.lnk

[2008/12/08 19:34:14 | 00,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll

[2007/12/22 19:47:07 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\fusioncache.dat

[2007/12/22 17:56:59 | 00,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys

[2007/12/22 17:56:59 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Mattyink\Application Data\PnkBstrK.sys

[2007/10/19 20:56:16 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll

[2007/10/19 20:54:28 | 00,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest

[2007/10/19 20:54:28 | 00,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest

[2007/10/18 05:02:34 | 00,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll

[2007/10/02 01:35:55 | 00,011,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/08/07 20:22:22 | 00,141,180 | ---- | C] () -- C:\windows\System32\xlive.dll.cat

[2007/07/24 15:54:24 | 00,552,960 | ---- | C] () -- C:\windows\System32\xvidcore.dll

[2007/07/24 15:54:24 | 00,159,744 | ---- | C] () -- C:\windows\System32\xvidvfw.dll

[2007/07/09 03:33:03 | 01,574,392 | -H-- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\IconCache.db

[2007/06/16 17:47:05 | 00,271,360 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys

[2007/06/16 17:47:05 | 00,018,048 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys

[2007/06/01 03:03:49 | 00,000,010 | ---- | C] () -- C:\windows\WININIT.INI

[2007/05/01 22:13:09 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/05/01 22:06:31 | 00,000,152 | ---- | C] () -- C:\windows\CoolPlay.ini

[2007/05/01 19:50:31 | 00,087,403 | ---- | C] () -- C:\windows\System32\instwdm.ini

[2007/05/01 19:50:31 | 00,003,072 | ---- | C] () -- C:\windows\CTXFIRES.DLL

[2007/05/01 19:50:31 | 00,000,191 | ---- | C] () -- C:\windows\System32\ctzapxx.ini

[2007/04/14 16:57:06 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll

[2007/04/14 16:57:06 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll

[2007/04/14 16:57:06 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll

[2007/01/10 04:02:52 | 00,000,025 | ---- | C] () -- C:\windows\cdplayer.ini

[2006/12/29 22:41:21 | 00,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini

[2006/11/22 02:56:56 | 00,069,632 | R--- | C] () -- C:\windows\System32\xmltok.dll

[2006/11/22 02:56:56 | 00,036,864 | R--- | C] () -- C:\windows\System32\xmlparse.dll

[2006/11/21 20:18:34 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI

[2006/11/20 21:49:04 | 00,024,576 | ---- | C] () -- C:\windows\System32\AsIO.dll

[2006/11/20 21:49:04 | 00,005,685 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys

[2006/11/20 21:49:03 | 00,012,096 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp64.sys

[2006/11/20 21:49:03 | 00,010,304 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp32.sys

[2006/11/20 21:48:55 | 00,005,810 | ---- | C] () -- C:\windows\System32\drivers\ASACPI.sys

[2006/11/20 01:31:24 | 00,003,972 | ---- | C] () -- C:\windows\System32\drivers\PciBus.sys

[2006/11/20 00:50:25 | 00,026,088 | ---- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2006/11/20 00:46:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Mattyink\Application Data\desktop.ini

[2006/11/20 00:07:45 | 00,363,520 | ---- | C] () -- C:\windows\System32\PsisDecd.dll

[2006/11/19 23:48:46 | 00,000,204 | ---- | C] () -- C:\windows\RtlRack.ini

[2006/09/27 16:47:40 | 00,000,307 | ---- | C] () -- C:\windows\System32\KILL.INI

[2006/08/17 11:33:54 | 00,037,888 | ---- | C] () -- C:\windows\System32\CTBURST.DLL

[2006/07/07 15:30:22 | 00,073,728 | ---- | C] () -- C:\windows\System32\ts.dll

[2005/06/07 21:10:50 | 00,070,656 | ---- | C] () -- C:\windows\System32\CTMMACTL.DLL

[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\windows\daemon.dll

[2004/08/04 03:56:44 | 00,081,920 | ---- | C] () -- C:\windows\System32\ieencode.dll

[2002/05/17 18:18:30 | 00,124,928 | ---- | C] () -- C:\windows\System32\mp4fil32.dll

[2001/08/23 08:00:00 | 00,000,552 | ---- | C] () -- C:\windows\win.ini

[2001/08/23 08:00:00 | 00,000,246 | ---- | C] () -- C:\windows\system.ini

========== LOP Check ==========

[2009/10/23 15:08:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/03/15 16:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/09/14 18:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/16 21:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/12/11 16:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy

[2008/11/14 18:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI

[2009/09/27 12:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2008/12/07 15:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap

[2009/05/30 20:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player

[2008/11/09 19:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks

[2008/12/10 23:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/11/28 12:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited

[2008/09/30 15:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia

[2007/07/06 13:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2009/10/23 15:39:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Mattyink\Application Data

[2007/05/24 13:47:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\ATI

[2006/11/29 04:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\atitray

[2007/02/14 00:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\AVG7

[2008/01/02 23:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Bioshock

[2008/07/26 00:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\dvdcss

[2008/09/30 15:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Gamelab

[2007/04/28 20:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\IDMComp

[2006/11/22 02:44:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\InterTrust

[2006/12/22 05:13:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Kazaa Lite

[2007/01/12 00:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Leadertech

[2008/09/11 18:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Move Networks

[2009/01/31 22:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\MPEG Streamclip

[2006/12/04 02:26:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mattyink\Application Data\SecuROM

[2008/11/13 13:40:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\SystemRequirementsLab

[2009/06/06 15:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\TERMINAL Studio

[2009/09/10 19:58:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\U3

[2008/09/30 14:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Zen Puzzle Garden

[2009/10/15 18:39:00 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job

[2001/08/23 08:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini

[2009/10/23 15:41:36 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 319 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

There you go hope you find anything in there.

Thanks a lot again

If i get out of this virus free i will gladly pay for the full version of malwarebytes because you guys really care about the community.

[chamber]

Hi,

The full version of Malwarebytes is awesome.

Go to Add or Remove Programs and uninstall the following,

Vuze Toolbar

LimeWire 5.2.13

Vuze

1) OTL

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
  SRV - (ASKService [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
  O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
  O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
  O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

2) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  
• Accept any prompts.
  
• Open JavaRa.exe again and select Search For Updates.
  
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
  

3) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
  

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

• Once the update is complete, click on Settings.
  
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • 
    
  • Spyware, adware, dialers, and other riskware
    
  • Archives
    
  • E-mail databases
    

  [*]Click on My Computer under the green Scan bar to the left to start the scan.

  [*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  [*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

  [*]Click View report... at the bottom.

  [*] Click the Save report... button.

  

  [*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

In your reply I would like to see copied and pasted,

1) OTL logs

2) Kaspersky scan

[mattyink]

Wow service even on the weekend? You guys are great.

FIRST LOG

All processes killed

========== OTL ==========

No active process named AskService.exe was found!

Service\Driver ASKService not found.

Service\Driver ASKService not found.

File C:\Program Files\AskBarDis\bar\bin\AskService.exe not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.

File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.

File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.

File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.

Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}

C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 2179206 bytes

User: Mattyink

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Temp\Perflib_Perfdata_6f8.dat scheduled to be deleted on reboot.

->Temp folder emptied: 1374845 bytes

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 119391728 bytes

->Google Chrome cache emptied: 6301176 bytes

->Apple Safari cache emptied: 15151310 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2142714 bytes

%systemroot%\System32 .tmp files removed: 5552657 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 145.11 mb

OTL by OldTimer - Version 3.0.22.1 log created on 10242009_140222

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Mattyink\Local Settings\Temp\Perflib_Perfdata_6f8.dat not found!

Registry entries deleted on Reboot...

SECOND LOG

-----------

OTL logfile created on: 10/24/2009 2:11:47 PM - Run 2

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Mattyink\Desktop\STvirus

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.44% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 87.88 Gb Free Space | 58.96% Space Free | Partition Type: NTFS

Drive D: | 149.05 Gb Total Space | 67.52 Gb Free Space | 45.30% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MATTOS1

Current User Name: Mattyink

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mattyink\Desktop\STvirus\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)

PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

PRC - c:\program files\a-squared free\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe ()

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\windows\CTHELPER.EXE (Creative Technology Ltd)

PRC - C:\windows\Explorer.EXE (Microsoft Corporation)

PRC - C:\windows\System32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\windows\System32\CTsvcCDA.exe (Creative Technology Ltd)

PRC - C:\windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)

PRC - C:\windows\System32\CTXFISPI.EXE (Creative Technology Ltd)

PRC - C:\windows\System32\PnkBstrA.exe ()

PRC - C:\windows\System32\wdfmgr.exe (Microsoft Corporation)

PRC - C:\windows\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (a2free [Auto | Running]) -- c:\program files\a-squared free\a2service.exe (Emsi Software GmbH)

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

SRV - (APC UPS Service [Auto | Running]) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\windows\System32\Ati2evxx.exe (ATI Technologies Inc.)

SRV - (ATI Smart [Auto | Stopped]) -- C:\windows\System32\ati2sgag.exe ()

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\windows\System32\CTsvcCDA.exe (Creative Technology Ltd)

SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (helpsvc [Auto | Running]) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)

SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (PnkBstrA [Auto | Running]) -- C:\windows\System32\PnkBstrA.exe ()

SRV - (SandraDataSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe (SiSoftware)

SRV - (SandraTheSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe (SiSoftware)

SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

SRV - (UMWdf [Auto | Running]) -- C:\windows\System32\wdfmgr.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mattyink\Desktop\STvirus\OTL.exe (OldTimer Tools)

MOD - C:\windows\System32\ctagent.dll (Creative Technology Ltd)

MOD - C:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: GameTap@gametap.com:4.0.80.1588

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/10 12:08:34 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/17 21:54:37 | 00,000,000 | ---D | M]

[2009/02/27 21:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Extensions

[2008/09/06 19:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/02/27 21:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Extensions\mozswing@mozswing.org

[2009/10/21 20:04:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Firefox\Profiles\gki0vkym.default\extensions

[2009/05/30 20:25:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\mozilla\Firefox\Profiles\gki0vkym.default\extensions\GameTap@gametap.com

[2008/11/09 19:09:03 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Mattyink\Application Data\Mozilla\FireFox\Profiles\gki0vkym.default\searchplugins\ask.xml

[2009/10/21 20:04:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/09/11 00:48:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2007/04/12 00:04:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

[2007/08/12 21:28:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[2007/10/12 14:04:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008/01/14 00:23:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

[2008/03/14 09:24:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

[2008/07/26 07:23:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/09/11 00:48:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/09/11 00:48:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll

[2008/01/03 19:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2004/11/12 23:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll

[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2007/10/19 20:54:50 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2007/02/12 15:30:16 | 00,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\mozilla firefox\plugins\npigl.dll

[2009/09/11 00:48:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2007/01/10 03:57:11 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/09/14 18:08:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/01/10 03:57:19 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2007/01/10 03:57:10 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2006/10/19 12:26:00 | 00,363,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll

[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll

[2008/11/17 11:11:32 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2008/11/17 11:11:32 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2008/11/17 11:11:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2008/11/17 11:11:32 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2008/11/17 11:11:32 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/06/06 15:26:29 | 00,002,383 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seekapp139.xml

[2008/11/17 11:11:32 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/04/14 17:18:30 | 00,000,789 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe ()

O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe ()

O4 - HKLM..\Run: [CTHelper] C:\windows\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/23 18:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI

[2009/10/24 12:31:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative

[2009/10/21 22:37:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/10/21 17:03:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/23 16:31:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mattyink\Application Data\LimeWire

[2009/10/21 20:47:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mattyink\Application Data\Malwarebytes

[2009/10/17 21:54:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2009/10/17 21:54:20 | 00,000,000 | ---D | C] -- C:\Program Files\Google

[2009/10/21 19:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/24 14:02:22 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/10/23 17:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mattyink\Desktop\STvirus

[2009/10/23 15:48:43 | 00,000,000 | ---D | C] -- C:\windows\temp

[2009/10/23 15:26:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2009/10/22 07:20:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe

[2009/10/22 07:20:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2009/10/22 07:20:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2009/10/22 07:19:19 | 00,000,000 | ---D | C] -- C:\windows\ERDNT

[2009/10/22 07:16:26 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/10/21 19:12:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2009/10/21 19:12:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2009/10/17 21:55:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mattyink\My Documents\Downloads

[2006/11/22 14:36:37 | 00,155,136 | ---- | C] ( ) -- C:\windows\System32\drivers\d347bus.sys

[2006/11/22 14:36:37 | 00,005,248 | ---- | C] ( ) -- C:\windows\System32\drivers\d347prt.sys

[2006/05/24 00:38:39 | 00,033,792 | ---- | C] ( ) -- C:\windows\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2009/10/24 14:04:10 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2009/10/24 14:03:28 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2009/10/24 14:03:24 | 00,060,452 | ---- | M] () -- C:\windows\System32\ativvaxx.cap

[2009/10/24 14:03:15 | 21,467,34080 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/24 14:02:42 | 00,064,900 | ---- | M] () -- C:\windows\System32\DVCState-{00000004-00000000-00000008-00001102-00000005-002C1102}.rfx

[2009/10/24 14:02:42 | 00,053,540 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000004-00000000-00000008-00001102-00000005-002C1102}.rfx

[2009/10/24 14:02:42 | 00,053,540 | ---- | M] () -- C:\windows\System32\BMXState-{00000004-00000000-00000008-00001102-00000005-002C1102}.rfx

[2009/10/24 14:02:42 | 00,001,080 | ---- | M] () -- C:\windows\System32\settingsbkup.sfm

[2009/10/24 14:02:42 | 00,001,080 | ---- | M] () -- C:\windows\System32\settings.sfm

[2009/10/24 14:02:39 | 00,005,888 | ---- | M] () -- C:\windows\System32\settings.aaw

[2009/10/24 14:02:39 | 00,001,088 | ---- | M] () -- C:\windows\System32\history.aaw

[2009/10/24 14:02:32 | 01,573,828 | -H-- | M] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\IconCache.db

[2009/10/24 12:31:49 | 00,024,160 | ---- | M] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/10/24 12:29:54 | 00,138,056 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2009/10/23 17:34:07 | 42,803,804 | R--- | M] () -- C:\windows\System32\core.aawdef

[2009/10/23 15:45:37 | 00,000,246 | ---- | M] () -- C:\windows\system.ini

[2009/10/23 15:41:15 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2009/10/23 14:52:55 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2009/10/22 06:47:34 | 00,000,080 | ---- | M] () -- C:\windows\System32\quarantine.aaw

[2009/10/21 22:38:39 | 00,000,084 | ---- | M] () -- C:\windows\System32\PubKey.key

[2009/10/21 20:41:16 | 00,000,552 | ---- | M] () -- C:\windows\win.ini

[2009/10/15 18:39:00 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job

[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\windows\PEV.exe

========== Files - No Company Name ==========

[2009/10/22 07:20:20 | 00,236,544 | ---- | C] () -- C:\windows\PEV.exe

[2009/10/22 07:20:20 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe

[2009/10/22 07:20:20 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe

[2009/10/22 07:20:20 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe

[2009/10/22 06:46:06 | 00,000,080 | ---- | C] () -- C:\windows\System32\quarantine.aaw

[2009/10/21 22:39:18 | 42,803,804 | R--- | C] () -- C:\windows\System32\core.aawdef

[2009/10/21 22:38:39 | 00,000,084 | ---- | C] () -- C:\windows\System32\PubKey.key

[2008/12/08 19:34:14 | 00,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll

[2007/12/22 19:47:07 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\fusioncache.dat

[2007/12/22 17:56:59 | 00,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys

[2007/12/22 17:56:59 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Mattyink\Application Data\PnkBstrK.sys

[2007/10/19 20:56:16 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll

[2007/10/19 20:54:28 | 00,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest

[2007/10/19 20:54:28 | 00,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest

[2007/10/18 05:02:34 | 00,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll

[2007/10/02 01:35:55 | 00,011,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/08/07 20:22:22 | 00,141,180 | ---- | C] () -- C:\windows\System32\xlive.dll.cat

[2007/07/24 15:54:24 | 00,552,960 | ---- | C] () -- C:\windows\System32\xvidcore.dll

[2007/07/24 15:54:24 | 00,159,744 | ---- | C] () -- C:\windows\System32\xvidvfw.dll

[2007/07/09 03:33:03 | 01,573,828 | -H-- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\IconCache.db

[2007/06/16 17:47:05 | 00,271,360 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys

[2007/06/16 17:47:05 | 00,018,048 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys

[2007/06/01 03:03:49 | 00,000,010 | ---- | C] () -- C:\windows\WININIT.INI

[2007/05/01 22:13:09 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/05/01 22:06:31 | 00,000,152 | ---- | C] () -- C:\windows\CoolPlay.ini

[2007/05/01 19:50:31 | 00,087,403 | ---- | C] () -- C:\windows\System32\instwdm.ini

[2007/05/01 19:50:31 | 00,003,072 | ---- | C] () -- C:\windows\CTXFIRES.DLL

[2007/05/01 19:50:31 | 00,000,191 | ---- | C] () -- C:\windows\System32\ctzapxx.ini

[2007/04/14 16:57:06 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll

[2007/04/14 16:57:06 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll

[2007/04/14 16:57:06 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll

[2007/04/14 16:57:04 | 00,053,248 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll

[2007/01/10 04:02:52 | 00,000,025 | ---- | C] () -- C:\windows\cdplayer.ini

[2006/12/29 22:41:21 | 00,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini

[2006/11/22 02:56:56 | 00,069,632 | R--- | C] () -- C:\windows\System32\xmltok.dll

[2006/11/22 02:56:56 | 00,036,864 | R--- | C] () -- C:\windows\System32\xmlparse.dll

[2006/11/21 20:18:34 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI

[2006/11/20 21:49:04 | 00,024,576 | ---- | C] () -- C:\windows\System32\AsIO.dll

[2006/11/20 21:49:04 | 00,005,685 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys

[2006/11/20 21:49:03 | 00,012,096 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp64.sys

[2006/11/20 21:49:03 | 00,010,304 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp32.sys

[2006/11/20 21:48:55 | 00,005,810 | ---- | C] () -- C:\windows\System32\drivers\ASACPI.sys

[2006/11/20 01:31:24 | 00,003,972 | ---- | C] () -- C:\windows\System32\drivers\PciBus.sys

[2006/11/20 00:50:25 | 00,024,160 | ---- | C] () -- C:\Documents and Settings\Mattyink\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2006/11/20 00:46:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Mattyink\Application Data\desktop.ini

[2006/11/20 00:07:45 | 00,363,520 | ---- | C] () -- C:\windows\System32\PsisDecd.dll

[2006/11/19 23:48:46 | 00,000,204 | ---- | C] () -- C:\windows\RtlRack.ini

[2006/09/27 16:47:40 | 00,000,307 | ---- | C] () -- C:\windows\System32\KILL.INI

[2006/08/17 11:33:54 | 00,037,888 | ---- | C] () -- C:\windows\System32\CTBURST.DLL

[2006/07/07 15:30:22 | 00,073,728 | ---- | C] () -- C:\windows\System32\ts.dll

[2005/06/07 21:10:50 | 00,070,656 | ---- | C] () -- C:\windows\System32\CTMMACTL.DLL

[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\windows\daemon.dll

[2004/08/04 03:56:44 | 00,081,920 | ---- | C] () -- C:\windows\System32\ieencode.dll

[2002/05/17 18:18:30 | 00,124,928 | ---- | C] () -- C:\windows\System32\mp4fil32.dll

[2001/08/23 08:00:00 | 00,000,552 | ---- | C] () -- C:\windows\win.ini

[2001/08/23 08:00:00 | 00,000,246 | ---- | C] () -- C:\windows\system.ini

========== LOP Check ==========

[2009/10/24 12:31:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/03/15 16:01:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/09/14 18:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/16 21:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/10/23 18:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI

[2008/11/09 19:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks

[2008/12/10 23:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/11/28 12:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited

[2008/09/30 15:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia

[2007/07/06 13:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2009/10/23 17:28:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Mattyink\Application Data

[2007/05/24 13:47:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\ATI

[2006/11/29 04:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\atitray

[2007/02/14 00:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\AVG7

[2008/01/02 23:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Bioshock

[2008/07/26 00:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\dvdcss

[2008/09/30 15:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Gamelab

[2007/04/28 20:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\IDMComp

[2006/11/22 02:44:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\InterTrust

[2006/12/22 05:13:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Kazaa Lite

[2007/01/12 00:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Leadertech

[2009/10/23 16:31:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\LimeWire

[2008/09/11 18:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Move Networks

[2009/01/31 22:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\MPEG Streamclip

[2006/12/04 02:26:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mattyink\Application Data\SecuROM

[2008/11/13 13:40:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\SystemRequirementsLab

[2009/06/06 15:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\TERMINAL Studio

[2009/09/10 19:58:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\U3

[2008/09/30 14:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Zen Puzzle Garden

[2009/10/15 18:39:00 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job

[2001/08/23 08:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini

[2009/10/24 14:04:10 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 319 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

KASPERSKY LOG

----------------

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, October 24, 2009

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, October 24, 2009 20:16:11

Records in database: 3061593

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

F:\

G:\

Scan statistics:

Objects scanned: 60925

Threats found: 3

Infected objects found: 3

Suspicious objects found: 0

Scan duration: 02:34:38

File name / Threat / Threats count

C:\Documents and Settings\Mattyink\My Documents\LimeWire\Saved\a camp 2009.mp3 Infected: Trojan-Downloader.WMA.GetCodec.ac 1

C:\System Volume Information\_restore{F15A0F83-6FDC-49CB-ACA3-5D234529129B}\RP629\A0121692.exe Infected: Trojan.Win32.FraudPack.xek 1

D:\Progiez\mIRC 6.16\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

Selected area has been scanned.

[chamber]

Hi,

Of course service on the weekends.

Things are looking better.

1) OTL

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  [2006/12/22 05:13:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\Kazaa Lite
  [2009/10/23 16:31:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mattyink\Application Data\LimeWire
  
  :Services
  
  :Reg
  
  :Files
  C:\Documents and Settings\Mattyink\My Documents\LimeWire\Saved\a camp 2009.mp3
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  

2) Security Check

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

In your reply I would like to see copied and pasted,

1) OTL log

2) Security Check log

3) How are things running

[mattyink]

And there you go again Chamber.

All processes killed

========== OTL ==========

C:\Documents and Settings\Mattyink\Application Data\Kazaa Lite moved successfully.

C:\Documents and Settings\Mattyink\Application Data\LimeWire moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Documents and Settings\Mattyink\My Documents\LimeWire\Saved\a camp 2009.mp3 moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

User: Mattyink

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Temp\etilqs_kkwuQ6qzUQSlipG8F4Lh scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.

->Temp folder emptied: 86137710 bytes

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 25621461 bytes

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\XUL.mfl scheduled to be deleted on reboot.

->FireFox cache emptied: 39479742 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

File delete failed. C:\windows\temp\Perflib_Perfdata_4fc.dat scheduled to be deleted on reboot.

Windows Temp folder emptied: 16384 bytes

RecycleBin emptied: 1797537 bytes

Total Files Cleaned = 146.06 mb

OTL by OldTimer - Version 3.0.22.1 log created on 10262009_165736

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Mattyink\Local Settings\Temp\etilqs_kkwuQ6qzUQSlipG8F4Lh not found!

File\Folder C:\Documents and Settings\Mattyink\Local Settings\Temp\Perflib_Perfdata_6f0.dat not found!

C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Mattyink\Local Settings\Application Data\Mozilla\Firefox\Profiles\gki0vkym.default\XUL.mfl moved successfully.

File\Folder C:\windows\temp\Perflib_Perfdata_4fc.dat not found!

Registry entries deleted on Reboot...

And....

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

a-squared Free 2.1

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Ad-Aware

Spybot - Search & Destroy 1.5.2.20

Spybot - Search & Destroy

CCleaner (remove only)

Java 6 Update 16

Adobe Flash Player 10

Adobe Reader 8.1.5

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe is disabled!

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

As for how my PC is running I'll have to get back to you on that one. Aside from that one time i mentioned in a previous post when Security Tool came back my PC is acting pretty normal.

I have yet to try if booting in safe mode now works, I'm just wanna go by yours instructions. As for System restore well i ain't touching that after all the work we did.

You think it's safe for me to do my online banking or should i wait?

Thanks

[chamber]

I think that you should be ok to use online banking now, however it would still be prudent to change your passwords on a clean computer just to be safe.

You need to update your Adobe reader, visit HERE for the latest version.

You would also need to update spybot if you are going to continue using it.

Is there any reason why you do not have SP3?

[mattyink]

I think that you should be ok to use online banking now, however it would still be prudent to change your passwords on a clean computer just to be safe.

You need to update your Adobe reader, visit HERE for the latest version.

You would also need to update spybot if you are going to continue using it.

Is there any reason why you do not have SP3?

My windows is not legit can i still get SP3?

I still get some weird redirects when using firefox once in a while, any ideas what's this about?

I do not use windows firewall or security at all. Never had problems before. Does the full version of Malwarebytes also doubles as a firewall?

I'm guessing with your reply i seem to be virus free?

Anythig else i should do like checking my registry with regassassins or something?

Thanks again for all the help

[AdvancedSetup]

Well I'm sorry but since you have evidence of cracked or pirated software you're using on the system I have no choice but to close this thread now.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.