Antivirus updates disabled, W.Explorer malfunctions

RisenWarrior · November 24, 2009

Hi.

Malwarebytes crashes 4 seconds after opening. I cannot install any anti-virus; anti-malware as it will also crash after trying to update definitions. Most Trend Micro products will not even open like Cwshredder and Rootkitbuster. Google searches redirect to odd sites. Windows explorer folders are not functioning properly. Media player classic will not open.

I need help please.

chamber · November 24, 2009

Hi,

Give this a go, if it does not work in normal mode then try safe mode.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

RisenWarrior · November 24, 2009

Thank you for replying. Here is the Combofix log report: SDFix_report.txt

RisenWarrior · November 24, 2009

Sorry...added wrong log file. Here is the correct Combofix: ComboFix.txt. I've tried uploading my Hijackthis log but this forum says: 'Upload failed. You are not permitted to upload this type of file'? It is a text file. I don't understand.

chamber · November 24, 2009

You can copy and paste the logs, I don't need them attached.

chamber · November 24, 2009

Can you re enable everything in MSCONFIG for me.

I need you to uninstall uTorrent and Azureus

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
Folder::
c:\documents and settings\Kelly\Local Settings\Application Data\stxtde
c:\documents and settings\Kelly\Local Settings\Application Data\kxybmv
c:\documents and settings\Kelly\Local Settings\Application Data\jnvcmq
c:\documents and settings\Kelly\Application Data\uTorrent
Registry::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Driver::
FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\nvgts.sys /s /md5
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

RisenWarrior · November 24, 2009

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:42:42 AM, on 24/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--

End of file - 3568 bytes

RisenWarrior · November 24, 2009

ComboFix 09-11-23.02 - Kelly 24/11/2009 9:21.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.2047.1706 [GMT -8:00]

Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Kelly\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Kelly\Application Data\uTorrent

c:\documents and settings\Kelly\Application Data\uTorrent\dht.dat

c:\documents and settings\Kelly\Application Data\uTorrent\dht.dat.old

c:\documents and settings\Kelly\Application Data\uTorrent\resume.dat

c:\documents and settings\Kelly\Application Data\uTorrent\resume.dat.old

c:\documents and settings\Kelly\Application Data\uTorrent\rss.dat

c:\documents and settings\Kelly\Application Data\uTorrent\rss.dat.old

c:\documents and settings\Kelly\Application Data\uTorrent\settings.dat

c:\documents and settings\Kelly\Application Data\uTorrent\settings.dat.old

c:\documents and settings\Kelly\Application Data\uTorrent\utorrent.lng

c:\documents and settings\Kelly\Local Settings\Application Data\jnvcmq

c:\documents and settings\Kelly\Local Settings\Application Data\kxybmv

c:\documents and settings\Kelly\Local Settings\Application Data\stxtde

.

--------------- FCopy ---------------

c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys

.

((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))

.

2009-11-24 17:21 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-11-24 17:21 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-11-24 09:54 . 2009-11-24 09:54 -------- d-----w- c:\windows\ERUNT

2009-11-24 09:38 . 2009-11-24 10:27 -------- d-----w- C:\SDFix

2009-11-24 08:40 . 2009-11-24 08:39 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-24 08:39 . 2009-11-24 08:39 -------- d-----w- c:\program files\Java

2009-11-24 08:04 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe

2009-11-24 08:04 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe

2009-11-23 22:23 . 2009-11-23 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-11-23 19:37 . 2009-11-24 17:21 -------- d-----w- c:\windows\system32\CatRoot2

2009-11-23 19:31 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-23 19:31 . 2009-11-24 09:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-23 19:31 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-23 10:57 . 2009-11-23 10:57 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Threat Expert

2009-11-23 03:26 . 2009-11-23 06:23 -------- d-----w- c:\program files\UnHackMe

2009-11-23 03:13 . 2009-11-23 03:13 -------- d-----w- c:\documents and settings\Kelly\Application Data\AVG8

2009-11-23 01:39 . 2009-11-23 02:47 -------- d-----w- C:\RootkitNO

2009-11-23 01:37 . 2009-11-23 03:26 2 --shatr- c:\windows\winstart.bat

2009-11-22 17:15 . 2009-11-23 19:13 -------- d-----w- C:\Hjt2

2009-11-21 01:09 . 2009-11-23 22:17 -------- d-----w- c:\documents and settings\Kelly\Application Data\vlc

2009-11-20 23:29 . 2009-11-20 23:43 -------- d-----w- c:\program files\DVDInfoPro

2009-11-19 22:46 . 2009-11-19 22:53 -------- d-----w- c:\program files\AoA DVD Ripper

2009-11-18 09:11 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2009-11-18 09:11 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll

2009-11-18 09:11 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll

2009-11-18 09:11 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll

2009-11-18 09:11 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-18 08:28 . 2009-11-18 08:54 -------- d-----w- c:\program files\MPC HomeCinema

2009-11-15 08:39 . 2004-11-14 14:27 212992 ----a-w- c:\windows\system32\sql.dll

2009-11-15 08:11 . 2009-11-15 08:11 356352 ----a-w- c:\windows\eSellerateEngine.dll

2009-11-14 19:08 . 2009-11-14 19:09 -------- d-----w- c:\documents and settings\Kelly\Application Data\FLV Extract

2009-11-09 04:50 . 2007-04-18 08:53 1945088 ----a-w- c:\windows\system32\avcodec.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-24 17:10 . 2008-11-25 09:09 -------- d-----w- c:\program files\Azureus

2009-11-24 11:09 . 2009-05-06 03:41 117760 ----a-w- c:\documents and settings\Kelly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-24 10:54 . 2005-05-02 22:50 -------- d-----w- c:\documents and settings\Kelly\Application Data\Azureus

2009-11-23 11:13 . 2007-01-12 00:17 -------- d-----w- c:\program files\DFX

2009-11-23 11:12 . 2008-05-24 03:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-23 11:11 . 2009-06-23 18:13 -------- d-----w- c:\documents and settings\Kelly\Application Data\InstallShield

2009-11-23 11:11 . 2004-09-08 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-23 06:53 . 2006-08-13 07:29 -------- d-----w- c:\program files\CCleaner

2009-11-22 04:50 . 2009-01-06 11:29 -------- d-----w- c:\documents and settings\Kelly\Application Data\Orbit

2009-11-21 01:03 . 2009-06-19 00:05 -------- d-----w- c:\program files\VideoLAN

2009-11-19 23:56 . 2009-01-09 06:38 -------- d-----w- c:\program files\Registry Clean Expert

2009-11-19 22:51 . 2009-04-17 08:04 -------- d-----w- c:\documents and settings\Kelly\Application Data\dvdcss

2009-11-19 06:46 . 2009-03-06 22:59 -------- d-----w- c:\program files\Audiochecker

2009-11-18 09:11 . 2009-01-19 21:01 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-10-13 19:25 . 2009-03-30 18:29 -------- d-----w- c:\program files\Exact Audio Copy

2009-10-13 19:16 . 2008-05-23 01:45 -------- d-----w- c:\documents and settings\Kelly\Application Data\AccurateRip

2009-10-12 06:19 . 2009-08-05 08:23 -------- d-----w- c:\documents and settings\Kelly\Application Data\foobar2000

2007-09-17 17:37 . 2007-09-17 17:37 262144 ----a-w- c:\program files\flac.exe

2005-08-24 20:19 . 2009-06-03 07:56 6966 ----a-w- c:\program files\x264.ico

2005-05-02 18:35 . 2005-05-02 18:35 13502 ----a-w- c:\program files\blue.ico

2005-05-02 18:35 . 2005-05-02 18:35 13502 ----a-w- c:\program files\black.ico

2004-05-30 12:30 . 2007-03-19 20:21 766 ----a-w- c:\program files\xvid.ico

.

((((((((((((((((((((((((((((( SnapShot@2009-11-24_08.12.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-24 17:07 . 2009-11-24 17:07 16384 c:\windows\temp\Perflib_Perfdata_80.dat

+ 2009-11-24 17:08 . 2009-11-24 17:08 16384 c:\windows\temp\Perflib_Perfdata_534.dat

+ 2004-08-19 00:03 . 2009-11-24 17:10 60288 c:\windows\system32\perfc009.dat

- 2004-08-19 00:03 . 2009-11-05 16:45 60288 c:\windows\system32\perfc009.dat

+ 2004-08-19 00:03 . 2009-11-24 17:10 395904 c:\windows\system32\perfh009.dat

- 2004-08-19 00:03 . 2009-11-05 16:45 395904 c:\windows\system32\perfh009.dat

+ 2009-11-24 08:40 . 2009-11-24 08:39 149280 c:\windows\system32\javaws.exe

+ 2009-11-24 08:40 . 2009-11-24 08:39 145184 c:\windows\system32\javaw.exe

+ 2009-11-24 08:40 . 2009-11-24 08:39 145184 c:\windows\system32\java.exe

+ 2009-11-24 09:54 . 2009-11-24 09:54 339968 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2009-11-24 09:54 . 2008-08-07 23:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2009-11-24 09:54 . 2009-11-24 09:54 339968 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2009-11-24 09:54 . 2008-08-07 23:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2009-11-24 08:39 . 2009-11-24 08:39 1757696 c:\windows\Installer\1c64b.msi

+ 2009-11-24 09:54 . 2009-11-24 09:54 14663680 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2009-11-24 09:54 . 2009-11-24 09:54 14663680 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-11-10 236016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-24 149280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-12 843776]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-08-26 67584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"System Session Manager Subsystem"=2 (0x2)

"NVSvcNVSvc"=2 (0x2)

"Iprip"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21861:TCP"= 21861:TCP:*:Disabled:port

"27857:TCP"= 27857:TCP:*:Disabled:port

"53:UDP"= 53:UDP:Promo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 10:33 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 10:33 AM 72944]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [06/01/2009 4:28 AM 2208]

S0 bufolbhd;bufolbhd;c:\windows\system32\drivers\rrhzik.sys --> c:\windows\system32\drivers\rrhzik.sys [?]

S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/07/2007 5:20 PM 40832]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 10:33 AM 7408]

S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe

HKLM-Run-BMcb562e5a - c:\windows\system32\hlsialqt.dll

HKLM-Run-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-24 09:26

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1286611766-3543556633-2980138700-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C79B1C4-67F1-9B48-5EDA-87465C44A898}*]

@Allowed: (Read) (RestrictedCode)

"iamflagkkdmhhfognk"=hex:6b,61,70,67,67,6b,62,61,67,6d,70,68,61,64,64,66,64,6d,

6c,66,67,61,00,00

"hacfnckbgjkooffj"=hex:6b,61,70,67,67,6b,62,61,67,6d,70,68,61,64,64,66,64,6d,

6c,66,67,61,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2009-11-24 09:29

ComboFix-quarantined-files.txt 2009-11-24 17:29

Pre-Run: 139,490,648,064 bytes free

Post-Run: 139,457,687,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 45AF3A0682DA4D45A2AAE84D9EDC01C7

RisenWarrior · November 24, 2009

OTL logfile created on: 24/11/2009 9:34:52 AM - Run 1

OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Kelly\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 81.96% Memory free

3.35 Gb Paging File | 3.19 Gb Available in Paging File | 95.17% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 153.38 Gb Total Space | 129.91 Gb Free Space | 84.69% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-C191A06AD4

Current User Name: Kelly

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NVSvc) -- File not found

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)

SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)

SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)

SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)

SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)

SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (nxsIO32) -- C:\WINDOWS\system32\drivers\nxsIO32.sys ()

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)

DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)

DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)

DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)

DRV - (Pcouffin) -- C:\WINDOWS\system32\drivers\Pcouffin.sys (VSO Software)

DRV - (FETND5BV) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Technologies, Inc. )

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Technologies, Inc. )

DRV - (viamraid) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys (VIA Technologies inc,.ltd)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)

DRV - (hidgame) -- C:\WINDOWS\system32\drivers\hidgame.sys (Microsoft Corporation)

DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)

DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)

DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)

DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1

FF - prefs.js..extensions.enabledItems: {BC305617-6031-4C9A-A7AF-5C74F6EDABFD}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/24 00:39:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/01 02:05:31 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 00:40:03 | 00,000,000 | ---D | M]

[2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions

[2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/06/23 15:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\extensions

[2009/06/23 15:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\1srshufj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/11/24 00:40:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/05/28 23:25:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/11/24 00:40:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2009/02/19 17:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/02/19 17:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/11/24 00:39:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/02/19 17:43:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/07/15 08:39:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/02/19 11:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/02/19 11:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/02/19 11:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/02/19 11:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/02/19 11:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/02/19 11:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (21 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/25 03:56:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2007/04/02 10:34:24 | 00,000,065 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

MsConfig - Services: "System Session Manager Subsystem"

MsConfig - Services: "NVSvcNVSvc"

MsConfig - Services: "Iprip"

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 09:21:54 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys

[2009/11/24 09:21:54 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys

[2009/11/24 09:19:54 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/11/24 09:14:34 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe

[2009/11/24 02:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\WinRAR

[2009/11/24 01:54:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/11/24 01:38:36 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/11/24 00:40:03 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/11/24 00:40:03 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/11/24 00:40:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/11/24 00:40:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/11/24 00:40:03 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/11/24 00:39:44 | 00,000,000 | ---D | C] -- C:\Program Files\Java

[2009/11/24 00:17:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/11/24 00:04:31 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe

[2009/11/24 00:04:31 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe

[2009/11/23 23:59:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/11/23 23:59:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/11/23 23:59:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/11/23 23:59:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/11/23 23:58:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/11/23 23:58:46 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/11/23 17:31:21 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx

[2009/11/23 14:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET

[2009/11/23 11:37:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2009/11/23 11:31:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/11/23 11:31:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/11/23 11:31:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/11/23 02:57:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Threat Expert

[2009/11/22 23:44:50 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache

[2009/11/22 23:01:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kelly\Recent

[2009/11/22 22:20:45 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/11/22 19:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe

[2009/11/22 19:13:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\AVG8

[2009/11/22 17:39:23 | 00,000,000 | ---D | C] -- C:\RootkitNO

[2009/11/22 09:15:12 | 00,000,000 | ---D | C] -- C:\Hjt2

[2009/11/21 20:59:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Queen - 2009 - Absolute Greatest

[2009/11/20 17:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\vlc

[2009/11/20 15:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\DVDInfoPro

[2009/11/19 23:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\2006 - Dear Love; A Beautiful Discord

[2009/11/19 23:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\2007 - Plagues

[2009/11/19 23:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\The Devil Wears Prada - With Roots Above And Branches Below (2009)

[2009/11/19 14:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\AoA DVD Ripper

[2009/11/18 01:11:44 | 00,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2009/11/18 01:11:44 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2009/11/18 01:11:44 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2009/11/18 01:11:43 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2009/11/18 01:11:43 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2009/11/18 00:28:31 | 00,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema

[2009/11/15 00:39:19 | 00,618,496 | ---- | C] (Virusface Industries) -- C:\WINDOWS\System32\MSSTTFTTM.ocx

[2009/11/15 00:39:19 | 00,212,992 | ---- | C] (WeOnlyDo! COM) -- C:\WINDOWS\System32\sql.dll

[2009/11/15 00:39:19 | 00,098,304 | ---- | C] (Evova Technology) -- C:\WINDOWS\System32\Msdxm11.ocx

[2009/11/15 00:11:53 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll

[2009/11/14 11:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\FLV Extract

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/24 09:29:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/24 09:26:24 | 00,000,253 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/24 09:20:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/11/24 09:14:36 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe

[2009/11/24 09:10:51 | 00,463,192 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/24 09:10:51 | 00,395,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/24 09:10:51 | 00,060,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/24 09:08:03 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/11/24 09:07:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/24 09:06:34 | 14,680,064 | ---- | M] () -- C:\Documents and Settings\Kelly\ntuser.dat

[2009/11/24 09:06:34 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Kelly\ntuser.ini

[2009/11/24 09:06:18 | 00,001,167 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/24 09:06:18 | 00,000,211 | ---- | M] () -- C:\Boot.bak

[2009/11/24 02:20:35 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/11/24 02:15:21 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db

[2009/11/24 00:39:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/11/24 00:39:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/11/24 00:39:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/11/24 00:39:48 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/11/24 00:39:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/11/23 23:56:10 | 03,573,838 | R--- | M] () -- C:\Documents and Settings\Kelly\Desktop\ComboFix.exe

[2009/11/23 11:37:54 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/11/23 11:37:54 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/11/23 11:31:14 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/23 03:19:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/11/22 23:44:50 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache

[2009/11/22 23:06:37 | 00,079,360 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/22 19:26:44 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/11/22 19:26:44 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2009/11/22 19:26:44 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat

[2009/11/20 17:06:37 | 00,000,107 | ---- | M] () -- C:\WINDOWS\VobEdit.INI

[2009/11/20 12:03:25 | 00,309,730 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\ncix_rmalabel.pdf

[2009/11/19 19:44:41 | 00,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI

[2009/11/19 15:11:34 | 00,000,413 | ---- | M] () -- C:\WINDOWS\IfoEdit.INI

[2009/11/19 14:50:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\AoADVDRipper.INI

[2009/11/19 12:47:57 | 00,000,961 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Media Player Classic.lnk

[2009/11/15 00:11:53 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll

[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\Kelly\My Documents\*.tmp files -> C:\Documents and Settings\Kelly\My Documents\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 00:00:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/11/23 23:59:57 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/11/23 23:59:05 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/11/23 23:59:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/11/23 23:59:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/11/23 23:59:05 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009/11/23 23:59:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/11/23 23:56:03 | 03,573,838 | R--- | C] () -- C:\Documents and Settings\Kelly\Desktop\ComboFix.exe

[2009/11/23 11:31:14 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/22 23:44:50 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\housecall.guid.cache

[2009/11/22 22:42:35 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl

[2009/11/22 17:37:34 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat

[2009/11/20 12:03:25 | 00,309,730 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\ncix_rmalabel.pdf

[2009/11/19 14:50:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI

[2009/11/19 12:47:57 | 00,000,961 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Media Player Classic.lnk

[2009/11/18 01:11:45 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/11/18 01:11:44 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml

[2009/11/18 01:11:43 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/11/18 01:11:43 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/18 01:11:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/11/08 20:50:28 | 01,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll

[2009/10/12 10:17:58 | 00,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI

[2009/07/15 08:10:43 | 00,000,053 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI

[2009/06/02 23:56:31 | 00,006,966 | ---- | C] () -- C:\Program Files\x264.ico

[2009/03/05 21:22:13 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI

[2009/01/06 04:28:19 | 00,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys

[2009/01/06 02:54:01 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll

[2008/09/15 16:18:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/04/26 22:54:35 | 00,000,066 | ---- | C] () -- C:\WINDOWS\System32\jesusincanyon.ini

[2007/10/13 21:43:20 | 00,000,142 | ---- | C] () -- C:\WINDOWS\DemoEditor.INI

[2007/09/17 09:37:18 | 00,262,144 | ---- | C] () -- C:\Program Files\flac.exe

[2007/07/16 19:28:51 | 00,001,058 | ---- | C] () -- C:\WINDOWS\pae.ini

[2007/06/18 10:21:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\zlib1d.dll

[2007/05/17 12:19:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini

[2007/05/06 00:23:15 | 00,003,427 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\glide_wrapper.zbag.ini

[2007/03/19 12:21:29 | 00,000,766 | ---- | C] () -- C:\Program Files\xvid.ico

[2007/02/16 08:46:01 | 00,000,120 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\FixVTS.ini

[2007/01/16 17:15:02 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI

[2006/03/15 01:24:30 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll

[2006/03/04 15:10:13 | 00,000,413 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI

[2005/12/05 13:13:56 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll

[2005/12/05 13:13:56 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

[2005/09/01 10:34:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/06/18 20:15:27 | 00,109,277 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2005/06/17 11:41:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2005/05/16 02:08:39 | 00,000,127 | ---- | C] () -- C:\WINDOWS\SP3D.ini

[2005/05/03 10:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll

[2005/05/03 10:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll

[2005/05/02 10:35:10 | 00,013,502 | ---- | C] () -- C:\Program Files\blue.ico

[2005/05/02 10:35:10 | 00,013,502 | ---- | C] () -- C:\Program Files\black.ico

[2005/05/02 00:06:06 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll

[2005/05/02 00:06:06 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini

[2005/05/02 00:05:32 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2005/03/31 21:33:15 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2005/01/13 18:10:46 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2005/01/12 12:39:57 | 00,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2005/01/10 18:48:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005/01/10 18:31:31 | 00,079,360 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/01/10 17:08:34 | 01,930,896 | -H-- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db

[2005/01/10 17:08:34 | 00,057,616 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2005/01/10 17:08:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kelly\Application Data\desktop.ini

[2004/10/06 07:30:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/09/28 11:52:34 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll

[2004/09/28 11:50:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2004/09/28 11:50:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll

[2004/09/08 12:43:04 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2004/08/25 03:56:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini

[2004/08/25 03:52:25 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini

[2004/08/25 03:52:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini

[2004/08/25 03:51:08 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini

[2004/08/25 03:51:06 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini

[2004/08/24 20:46:08 | 00,463,192 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2004/08/24 20:46:06 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/24 20:45:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2004/08/18 16:03:47 | 00,001,534 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/08/18 16:03:42 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll

[2004/08/18 16:03:41 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll

[2004/08/18 16:03:17 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll

[2004/08/18 16:03:17 | 00,001,167 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/18 16:03:12 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini

[2004/08/18 16:03:12 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll

[2004/08/18 16:03:11 | 00,000,253 | ---- | C] () -- C:\WINDOWS\system.ini

[2004/08/18 16:03:03 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll

[2004/08/18 16:03:03 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini

[2004/08/18 16:03:01 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll

[2004/08/18 16:03:01 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll

[2004/08/18 16:03:01 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll

[2004/08/18 16:03:01 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll

[2004/08/18 16:03:01 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll

[2004/08/18 16:03:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll

[2004/08/18 16:03:01 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini

[2004/08/18 16:03:01 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini

[2004/08/18 16:03:00 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini

[2004/08/18 16:03:00 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini

[2004/08/18 16:03:00 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini

[2004/08/18 16:03:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini

[2004/08/18 16:02:55 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys

[2004/08/18 16:02:55 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys

[2004/08/18 16:02:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys

[2004/08/18 16:02:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys

[2004/08/18 16:02:55 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys

[2004/08/18 16:02:55 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys

[2004/08/18 16:02:55 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys

[2004/08/18 16:02:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys

[2004/08/18 16:02:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys

[2004/08/18 16:02:55 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys

[2004/08/18 16:02:49 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll

[2004/08/18 16:02:49 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll

[2004/08/18 16:02:49 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini

[2004/08/18 16:02:45 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll

[2004/08/18 16:02:43 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll

[2004/08/18 16:02:43 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys

[2004/08/18 16:02:43 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys

[2004/08/18 16:02:40 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys

[2004/08/18 16:02:37 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini

[2004/08/18 16:02:37 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll

[2004/08/18 16:02:22 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll

[2004/08/18 16:02:21 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll

[2004/08/18 16:02:21 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys

[2004/08/18 16:02:18 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll

[2004/08/18 16:02:17 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll

[2004/08/18 16:02:17 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys

[2003/01/25 10:52:14 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll

[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/11/01 15:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini

[2002/07/04 14:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini

[2001/12/26 15:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/12/14 12:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll

[2001/09/03 22:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/08/17 14:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

[2001/07/30 15:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/23 21:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2005/05/22 18:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/07/15 08:37:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/07/15 08:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008/10/07 17:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2004/08/24 20:45:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2009/07/15 12:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2009/11/23 14:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2008/06/11 08:05:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2009/01/21 18:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2006/07/26 23:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa Lite

[2008/09/09 21:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2006/08/19 21:47:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2008/01/29 16:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2008/09/15 16:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero

[2008/12/22 16:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles

[2009/06/23 21:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio

[2005/01/31 13:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2009/01/21 18:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic

[2007/08/20 23:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2009/05/05 19:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2006/02/14 12:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith

[2009/11/23 03:12:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/01/27 21:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue

[2006/08/12 20:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/07/15 08:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2005/05/02 10:35:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\.BitTornado

[2005/04/29 22:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\.bittorrent

[2009/10/13 11:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AccurateRip

[2008/06/16 19:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Adobe

[2005/07/17 12:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AdobeUM

[2008/09/15 16:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Ahead

[2009/07/15 08:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Apple Computer

[2009/11/22 19:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\AVG8

[2009/11/24 02:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Azureus

[2007/05/28 23:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\BitTyrant

[2008/10/07 17:28:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\CyberLink

[2004/08/24 20:45:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Kelly\Application Data\desktop.ini

[2009/11/19 14:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\dvdcss

[2007/02/16 18:08:15 | 00,000,120 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\FixVTS.ini

[2009/11/14 11:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\FLV Extract

[2009/10/11 22:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\foobar2000

[2009/04/18 22:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GetRightToGo

[2007/05/06 00:26:22 | 00,003,427 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\glide_wrapper.zbag.ini

[2007/07/01 18:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GrabIt

[2009/04/18 23:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\GrabPro

[2005/01/16 10:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Help

[2004/08/25 03:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Identities

[2009/08/09 23:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ImgBurn

[2009/11/23 03:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\InstallShield

[2009/05/28 10:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\IObit

[2006/08/19 21:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Lavasoft

[2005/01/18 22:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Macromedia

[2008/09/09 21:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Malwarebytes

[2009/06/02 22:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Media Player Classic

[2009/11/22 19:07:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Kelly\Application Data\Microsoft

[2007/10/13 21:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Moyea

[2009/05/28 23:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Mozilla

[2008/01/29 16:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\NCH Swift Sound

[2009/08/15 23:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\NewsLeecher

[2009/11/21 20:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Orbit

[2009/06/23 22:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Research In Motion

[2006/02/14 13:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\River Past G4

[2009/05/19 01:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Roxio

[2007/05/28 20:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Shareaza

[2005/08/27 23:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Sun

[2009/05/05 19:40:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\SUPERAntiSpyware.com

[2009/01/12 19:34:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Syntrillium

[2008/05/27 11:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Uniblue

[2009/11/23 14:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\vlc

[2009/07/15 12:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Winamp

[2009/11/24 02:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\WinRAR

[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/11/24 09:29:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

[2004/08/26 15:37:45 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\SCS\viamraid.sys

[2004/08/26 15:37:48 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\Floppy\RAID\2003IA32\viamraid.sys

[2004/08/26 15:37:47 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\Floppy\RAID\Win2000\viamraid.sys

[2004/08/26 15:37:47 | 00,080,576 | ---- | M] (VIA Technologies inc,.ltd) MD5=9CF8BAD2B61BD1617E1AEC88FFECAEF3 -- C:\PnPDrivers\VIA\Floppy\RAID\Winnt40\viamraid.sys

[2004/08/26 15:37:47 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\Floppy\RAID\Winxp\viamraid.sys

[2004/08/26 15:37:45 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\PnPDrivers\VIA\VIARaid\driver\Winxp\viamraid.sys

[2004/08/26 15:37:45 | 00,073,600 | ---- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34C58556

@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

RisenWarrior · November 24, 2009

OTL Extras logfile created on: 24/11/2009 9:34:52 AM - Run 1

OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Kelly\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 81.96% Memory free

3.35 Gb Paging File | 3.19 Gb Available in Paging File | 95.17% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 153.38 Gb Total Space | 129.91 Gb Free Space | 84.69% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-C191A06AD4

Current User Name: Kelly

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [!ezcddaxa] -- "C:\Program Files\Easy CD-DA Extractor 10\convert.exe" "%1" ()

Directory [!ezcddaxb] -- "C:\Program Files\Easy CD-DA Extractor 10\burn.exe" "%1" ()

Directory [!ezcddaxc] -- "C:\Program Files\Easy CD-DA Extractor 10\burn2.exe" "%1" ()

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"21861:TCP" = 21861:TCP:*:Disabled:port

"27857:TCP" = 27857:TCP:*:Disabled:port

"53:UDP" = 53:UDP:*:Enabled:Promo

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{56BED62F-278A-407B-8BCD-E645EC96D2ED}" = Roxio Media Manager

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software

"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{779C40FF-9211-427B-A5C4-2026B85A1033}" = Nero 7 Essentials

"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C93EE22-9F85-4AA8-B4FB-20553DE64F51}" = BlackBerry Desktop Software 4.7

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{D8C6F2D1-96C2-4C4A-83A0-4492E7A48491}" = Audiochecker

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0

"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82

"AVI Splitter_is1" = AVI Splitter

"BlackBerry_{9C93EE22-9F85-4AA8-B4FB-20553DE64F51}" = BlackBerry Desktop Software 4.7

"CCleaner" = CCleaner

"coreavc_is1" = CoreAVC Pro 1.8.5.0

"DFX for Winamp" = DFX for Winamp

"DVD Audio Extractor_is1" = DVD Audio Extractor 4.3.0

"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.8.5

"DVDInfoPro" = DVDInfoPro

"Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10

"Exact Audio Copy" = Exact Audio Copy 0.99pb4

"FLAC" = FLAC Installer 1.1.2a (remove only)

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ImgBurn" = ImgBurn

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Full)

"LeechFTP" = LeechFTP DEC PACK

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"mIRC" = mIRC

"MKVtoolnix" = MKVtoolnix 2.4.0

"Monkey's Audio_is1" = Monkey's Audio

"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)

"NewsLeecher_is1" = NewsLeecher v3.8 Final

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Postal Fudge Pack" = Postal Fudge Pack

"Quake 3 Arena Demo" = Quake 3 Arena Demo

"QuickPar" = QuickPar 0.9

"VLC media player" = VLC media player 1.0.3

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Winamp" = Winamp

"Winamp Essentials Pack" = Winamp Essentials Pack v5.35

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 24/11/2009 4:06:15 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 24/11/2009 4:06:15 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 24/11/2009 4:38:24 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 24/11/2009 4:38:25 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 24/11/2009 5:09:44 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 24/11/2009 5:09:44 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 24/11/2009 5:46:45 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 24/11/2009 5:46:45 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 24/11/2009 6:16:29 AM | Computer Name = YOUR-C191A06AD4 | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070422 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 24/11/2009 6:16:29 AM | Computer Name = YOUR-C191A06AD4 | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

[ System Events ]

Error - 24/11/2009 6:15:22 AM | Computer Name = YOUR-C191A06AD4 | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/11/2009 6:16:29 AM | Computer Name = YOUR-C191A06AD4 | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/11/2009 6:16:44 AM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7001

Description = The Windows Service Pack Installer update service service depends

on the Security Accounts Manager service which failed to start because of the following

error: %%1058

Error - 24/11/2009 6:16:44 AM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Beep bufolbhd

Error - 24/11/2009 6:16:51 AM | Computer Name = YOUR-C191A06AD4 | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 24/11/2009 1:08:23 PM | Computer Name = YOUR-C191A06AD4 | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

Error - 24/11/2009 1:08:29 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Display Driver Service service failed to start due to the

following error: %%2

Error - 24/11/2009 1:08:29 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

9 service to connect.

Error - 24/11/2009 1:08:29 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

%%2

Error - 24/11/2009 1:09:49 PM | Computer Name = YOUR-C191A06AD4 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Beep bufolbhd

< End of report >

chamber · November 24, 2009

Hi,

No need for the HijackThis log.

1) CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\rrhzik.sys
Folder::
c:\program files\Azureus
c:\documents and settings\Kelly\Application Data\Azureus
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvcNVSvc"=-
"Iprip"=-
Driver::
bufolbhd
KILLALL::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2) OTL

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - (NVSvc) -- File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
[2009/11/24 01:38:36 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/11/22 22:20:45 | 00,000,000 | ---D | C] -- C:\Avenger
[2005/05/02 10:35:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\.BitTornado
[2005/04/29 22:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\.bittorrent
[2009/11/24 02:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Azureus
[2007/05/28 23:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\BitTyrant
[2009/05/28 10:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\IObit

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

In your reply I would like to see copied and pasted,

1) ComboFix log

2) OTL log

RisenWarrior · November 24, 2009

ComboFix 09-11-23.02 - Kelly 24/11/2009 11:19.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.2047.1642 [GMT -8:00]

Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Kelly\Desktop\CFScript.txt

FILE ::

"c:\windows\system32\drivers\rrhzik.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Kelly\Application Data\Azureus

c:\documents and settings\Kelly\Application Data\Azureus\.certs

c:\documents and settings\Kelly\Application Data\Azureus\.keystore

c:\documents and settings\Kelly\Application Data\Azureus\.lock

c:\documents and settings\Kelly\Application Data\Azureus\active\0520702509F7261AFFA3ACF86CEF5DA03F4E02D4.dat

c:\documents and settings\Kelly\Application Data\Azureus\active\07B6FB01F7DA4A236CA1152434990F2ACECD2204.dat

c:\documents and settings\Kelly\Application Data\Azureus\active\8B2237782BCBFADAB9F6F88B2C75183D970F95BE.dat

c:\documents and settings\Kelly\Application Data\Azureus\active\9C0C570737B039B3F8782F49A06B8D157A352AA9.dat

c:\documents and settings\Kelly\Application Data\Azureus\active\cache.dat

c:\documents and settings\Kelly\Application Data\Azureus\azureus.config

c:\documents and settings\Kelly\Application Data\Azureus\azureus.config.bak

c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics

c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bad

c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bad1

c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bak

c:\documents and settings\Kelly\Application Data\Azureus\azureus.statistics.bak.bad

c:\documents and settings\Kelly\Application Data\Azureus\banips.config

c:\documents and settings\Kelly\Application Data\Azureus\dht\addresses.dat

c:\documents and settings\Kelly\Application Data\Azureus\dht\block.dat

c:\documents and settings\Kelly\Application Data\Azureus\dht\contacts.dat

c:\documents and settings\Kelly\Application Data\Azureus\dht\diverse.dat

c:\documents and settings\Kelly\Application Data\Azureus\dht\general.dat

c:\documents and settings\Kelly\Application Data\Azureus\dht\version.dat

c:\documents and settings\Kelly\Application Data\Azureus\downloads.config

c:\documents and settings\Kelly\Application Data\Azureus\downloads.config.bak

c:\documents and settings\Kelly\Application Data\Azureus\filters.config

c:\documents and settings\Kelly\Application Data\Azureus\ipfilter.cache

c:\documents and settings\Kelly\Application Data\Azureus\logs\debug_1.log

c:\documents and settings\Kelly\Application Data\Azureus\logs\thread_1.log

c:\documents and settings\Kelly\Application Data\Azureus\torrents\[torrents[1].ru].t1275316.torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\__Blade.1998.720p.BluRay.x264-BestHD.torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\_Blade.1998.720p.BluRay.x264-BestHD.torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\Akon_Ft_Eminem-Smack_That-Promo_CDS-2006-XXL[1].torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\Blade.1998.720p.BluRay.x264-BestHD.torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\boney m video dvd.torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\Fifty.Pills.DVDSCR.XviD-ReCode[1].torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\La.Femme.Nikita.Season.1.%282.of.2%29[1].torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\La.Femme.Nikita.Season.3.%281.of.2%29[1].torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\My.Sisters.Hot.Friend[1].torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\NewsLeecher_3.8_Final_Thinstalled_www.myPortables.net.4006943.TPB[1].torren

t

c:\documents and settings\Kelly\Application Data\Azureus\torrents\O-Demonoid.com-O_Led_Zeppelin_Physical_Graffiti_(2CDs_Remaster)_825504.7734.torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\o-Demonoid.com-o_Warrant_Cherry_Pie_[FLAC]_825504.7734.torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\Robot Chicken s02e10 Password

c:\documents and settings\Kelly\Application Data\Azureus\torrents\The Third Jesus

c:\documents and settings\Kelly\Application Data\Azureus\torrents\Underworld[1].Evolution.2006.BRRip.X264-CHD [mininova].torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\Within_Temptation-Angels-2005-x264-[sneakyvidz].torrent

c:\documents and settings\Kelly\Application Data\Azureus\torrents\X-Men[1].Evolution.Complete.Series.torrent

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad1

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad2

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bad3

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bak

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bak.bad

c:\documents and settings\Kelly\Application Data\Azureus\tracker.config.bak.bad1

c:\documents and settings\Kelly\Application Data\Azureus\update.properties

c:\program files\Azureus

c:\program files\Azureus\plugins\azplugins\azplugins_2.1.1.jar

c:\program files\Azureus\plugins\azplugins\azplugins_2.1.3.jar

c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar

c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar

c:\program files\Azureus\plugins\azupdater\plugin.properties

c:\program files\Azureus\plugins\azupdater\Updater.jar

c:\program files\Azureus\Uninstall.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BUFOLBHD

-------\Service_bufolbhd

((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))

.

2009-11-24 17:21 . 2004-08-04 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-11-24 17:21 . 2004-08-04 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys

2009-11-24 09:54 . 2009-11-24 09:54 -------- d-----w- c:\windows\ERUNT

2009-11-24 09:38 . 2009-11-24 10:27 -------- d-----w- C:\SDFix

2009-11-24 08:40 . 2009-11-24 08:39 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-24 08:39 . 2009-11-24 08:39 -------- d-----w- c:\program files\Java

2009-11-24 08:04 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe

2009-11-24 08:04 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe

2009-11-23 22:23 . 2009-11-23 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-11-23 19:37 . 2009-11-24 19:18 -------- d-----w- c:\windows\system32\CatRoot2