Yesterday I noticed constant virus alerts from what looked like a Windows-based anti-virus program that I had never seen before. A quick Google check informed me that it is, in fact, not anti-virus software but malware.

I can no longer run any programs on this computer, even in safe mode. The XP Anti-Virus 2011 will just auto-run even after ending it with Task Manager.

I installed Panda USB Vaccine on this machine (running Windows 7) and vaccinated a USB drive. I then installed OTH and OTL and followed the directions I found in this thread.

These are the logs OTL compiled:

OTL logfile created on: 4/6/2011 8:16:51 PM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = E:\

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 139.43 Gb Free Space | 61.12% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 7.44 Gb Total Space | 7.43 Gb Free Space | 99.81% Space Free | Partition Type: FAT32

Computer Name: TALLON | User Name: Iain | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 20:12:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.scr

PRC - [2011/04/06 20:12:14 | 000,258,560 | ---- | M] (OldTimer Tools) -- E:\OTH.scr

========== Modules (SafeList) ==========

MOD - [2011/04/06 20:12:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.scr

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPod Service)

SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc)

SRV - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)

SRV - [2009/08/10 14:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2007/11/15 11:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

========== Driver Services (SafeList) ==========

DRV - [2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/02/11 00:49:55 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2011/02/11 00:49:35 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)

DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys -- (SANDRA)

DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2008/02/25 09:44:38 | 001,172,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2008/02/25 09:44:22 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2008/02/25 09:44:08 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2008/02/25 09:44:00 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2008/02/25 09:43:56 | 000,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2008/02/25 09:43:30 | 000,346,856 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2008/02/25 09:43:24 | 000,524,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2008/02/25 09:43:16 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2008/02/25 09:41:50 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV - [2008/02/25 09:41:44 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)

DRV - [2008/02/25 09:41:36 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV - [2008/02/25 09:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV - [2008/02/25 09:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV - [2008/02/25 09:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)

DRV - [2008/02/25 09:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV - [2008/02/25 09:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV - [2008/02/25 09:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)

DRV - [2008/02/25 09:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)

DRV - [2008/02/25 09:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)

DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)

DRV - [2007/09/04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)

DRV - [2007/04/26 19:57:48 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15438&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Wowhead"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.ca"

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 08:53:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 08:53:41 | 000,000,000 | ---D | M]

[2009/07/24 22:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Extensions

[2011/04/04 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions

[2011/03/25 10:18:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/25 10:18:03 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/02/04 15:57:02 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\searchplugins\askcom.xml

[2008/03/23 02:08:08 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\searchplugins\wowhead.xml

[2011/04/04 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/03 13:48:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/29 17:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/10/16 14:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/10/16 14:57:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/12/31 05:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll

[2010/10/16 14:57:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKCU..\Run: [AdobeUpdater6] C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Iain\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263779534890 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263779517515 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/27 20:29:00 | 007,983,911 | ---- | M] () - E:\autorun2k9f.upg -- [ FAT32 ]

O32 - AutoRun File - [2011/04/06 20:11:12 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\{04b97516-43e3-11de-a302-001aa0c18035}\Shell\AutoRun\command - "" = F:\WDSetup.exe

O33 - MountPoints2\{231e4084-382d-11de-a3a9-001aa0c18035}\Shell\AutoRun\command - "" = E:\podcastready.exe

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Iain\Local Settings\Application Data\fvt.exe" -a "%1" %* ()

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Iain\Local Settings\Application Data\fvt.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\My Digital Editions

[2011/03/29 13:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Local Settings\Application Data\Kobo

[2011/03/29 13:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kobo

[2011/03/29 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo

[2011/03/28 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\Farm Mania 2.1

[2011/03/28 15:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\ERS Game Studios

[2011/03/28 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Mania - Hot Vacation

[2011/03/28 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Farm Mania - Hot Vacation

[2011/03/28 15:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\PuppetShow - Lost Town Collector's Edition

[2011/03/28 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PuppetShow - Lost Town Collector's Edition

[2011/03/27 16:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\LDW

[2011/03/27 16:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Plant Tycoon

[2011/03/27 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Plant Tycoon

[2011/03/27 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\PlayFirst

[2011/03/27 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2011/03/27 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Garden Dash

[2011/03/27 16:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garden Dash

[2011/03/27 16:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2011/03/27 16:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient

[2011/03/27 16:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

[2011/03/27 16:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\Downloads

[2011/03/22 15:56:44 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll

[2011/03/22 15:56:44 | 000,021,504 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys

[2011/03/14 14:03:17 | 000,618,112 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PFC027.SYS

[2011/03/14 14:03:17 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe

[2011/03/14 14:03:17 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_080213.dll

[2011/03/14 14:03:16 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP207.ax

[2011/03/14 14:03:16 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P207USD.dll

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Camer@

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Aecotech

[2008/02/20 20:44:02 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[2007/12/27 13:13:26 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 20:15:37 | 000,016,732 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 20:15:37 | 000,016,732 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 20:13:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/06 19:45:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/06 19:42:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/06 19:27:14 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Iain\Desktop\eXplorer.exe

[2011/04/06 19:27:14 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Iain\Desktop\dasterbob.exe

[2011/04/06 19:20:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/06 19:03:41 | 000,517,858 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/06 19:03:41 | 000,102,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/06 18:57:41 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fvt.exe

[2011/04/06 18:44:07 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gxo.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\qqm.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mnj.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mef.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\jfo.exe

[2011/04/06 12:57:25 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tjf.exe

[2011/04/06 12:57:21 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\wtw.exe

[2011/04/06 12:57:19 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\cjs.exe

[2011/04/06 12:57:18 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ata.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xbk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jpb.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ast.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aib.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yki.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yjn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kwn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hgd.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\fqv.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe

[2011/04/06 09:26:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe

[2011/04/06 09:25:07 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\rnt.exe

[2011/04/06 09:25:07 | 000,227,965 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\djs.exe

[2011/04/02 01:23:00 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Iain\Desktop\World of Warcraft.lnk

[2011/03/29 13:46:30 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kobo.lnk

[2011/03/28 15:08:48 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk

[2011/03/27 16:11:08 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2011/03/27 16:11:08 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url

[2011/03/25 23:20:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/03/25 23:20:46 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/03/22 15:56:44 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll

[2011/03/22 15:56:44 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys

[2011/03/14 14:34:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/03/14 14:09:06 | 000,921,632 | ---- | M] () -- C:\PA207.DAT

[2011/03/09 05:00:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/06 19:47:49 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Iain\Desktop\eXplorer.exe

[2011/04/06 19:34:34 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Iain\Desktop\dasterbob.exe

[2011/04/06 18:57:41 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fvt.exe

[2011/04/06 18:44:07 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gxo.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\qqm.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mnj.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mef.exe

[2011/04/06 12:57:26 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\jfo.exe

[2011/04/06 12:57:25 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tjf.exe

[2011/04/06 12:57:21 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\wtw.exe

[2011/04/06 12:57:19 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\cjs.exe

[2011/04/06 12:57:18 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ata.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xbk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jpb.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ast.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aib.exe

[2011/04/06 09:26:04 | 000,016,732 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 09:26:04 | 000,016,732 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yki.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yjn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kwn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hgd.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fqv.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe

[2011/04/06 09:26:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe

[2011/04/06 09:25:07 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\rnt.exe

[2011/04/06 09:25:07 | 000,227,965 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\djs.exe

[2011/03/29 13:46:30 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kobo.lnk

[2011/03/28 15:08:48 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk

[2011/03/27 16:11:08 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2011/03/27 16:11:08 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url

[2011/03/27 16:10:34 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk

[2011/03/27 16:10:34 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk

[2011/03/14 14:08:28 | 000,921,632 | ---- | C] () -- C:\PA207.DAT

[2011/03/14 14:03:17 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2011/03/14 14:03:16 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini

[2011/02/12 20:55:49 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2011/02/12 20:55:49 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2011/02/12 20:55:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2011/02/12 20:55:49 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2011/02/11 02:21:27 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2011/02/03 14:00:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/02/02 17:33:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/09/21 07:56:25 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb

[2010/09/21 07:54:47 | 013,893,632 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda

[2010/09/20 20:22:31 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/09/20 20:22:30 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/09/20 20:22:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/07/05 17:48:30 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2009/06/23 13:12:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2009/06/10 06:03:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/01/18 12:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/05/31 19:56:32 | 000,002,172 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2008/05/12 19:05:40 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2008/05/06 08:53:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2008/04/05 00:14:41 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/04/05 00:14:41 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Iain\Application Data\PnkBstrK.sys

[2008/04/05 00:14:25 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2008/04/05 00:14:23 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2008/04/05 00:14:21 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2008/03/22 19:04:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2008/02/25 14:55:32 | 000,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2008/02/20 21:00:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2008/02/20 20:58:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe

[2008/02/20 20:49:46 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2008/02/20 20:49:46 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2008/02/20 20:46:46 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe

[2008/02/20 20:46:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT

[2008/02/20 20:44:34 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT

[2008/02/20 20:44:26 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2008/02/20 20:44:26 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2008/02/20 20:44:10 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2008/02/20 20:44:10 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2008/02/20 20:44:08 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2008/01/19 11:57:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iain\Application Data\wklnhst.dat

[2008/01/15 20:38:10 | 000,000,684 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/12 14:22:59 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/11 21:03:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/01/11 20:58:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fusioncache.dat

[2007/12/27 13:40:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/12/27 13:33:26 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2007/12/27 13:33:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/12/27 13:08:54 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2007/12/27 13:08:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2007/12/27 13:08:53 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini

[2007/12/27 13:08:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2007/12/27 13:07:43 | 000,001,218 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll

[2007/03/12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/08/16 06:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/16 06:27:59 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/08/16 06:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/08/16 06:18:33 | 000,517,858 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/08/16 06:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/08/16 06:18:33 | 000,102,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/08/16 06:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/08/16 06:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/08/16 06:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/08/16 06:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/08/16 06:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/08/16 06:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/08/16 06:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/08/16 06:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2011/02/10 21:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2011/03/27 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2010/07/25 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2010/10/31 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3

[2008/05/20 22:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom

[2011/03/27 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/07/10 21:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2011/02/12 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2007/12/27 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2011/03/28 15:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/07/17 06:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2011/02/11 00:47:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

[2010/11/10 20:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\.minecraft

[2010/02/05 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\BitTorrent

[2011/03/28 15:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\ERS Game Studios

[2011/03/28 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Farm Mania 2.1

[2008/05/06 10:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Leadertech

[2009/06/07 10:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\LimeWire

[2010/10/19 14:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\MinecraftTools

[2009/08/29 09:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Octoshape

[2011/03/27 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\PlayFirst

[2011/02/12 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Simply Super Software

[2008/01/19 11:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Template

[2010/07/10 23:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Turbine

[2008/02/26 19:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Uniblue

[2011/04/06 20:13:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 712 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54380FEC

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073139EC

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36

< End of report >

OTL Extras logfile created on: 4/6/2011 8:13:36 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = E:\

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 139.43 Gb Free Space | 61.12% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 7.44 Gb Total Space | 7.43 Gb Free Space | 99.81% Space Free | Partition Type: FAT32

Computer Name: TALLON | User Name: Iain | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- C:\Documents and Settings\Iain\Local Settings\Application Data\fvt.exe ()

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"57087:TCP" = 57087:TCP:*:Enabled:Pando Media Booster

"57087:UDP" = 57087:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Tracker: 6112

"6881:TCP" = 6881:TCP:*:Enabled:Bliz Tracker: 6881

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"57087:TCP" = 57087:TCP:*:Enabled:Pando Media Booster

"57087:UDP" = 57087:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"C:\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\World of Warcraft\Launcher.exe" = C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\World of Warcraft Public Test\Launcher.exe" = C:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\World of Warcraft\BackgroundDownloader.exe" = C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\wow-0.2.0.10083-to-0.2.0.10116-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10116-to-0.2.0.10128-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.0.10128-to-0.2.0.10147-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10257-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10257-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Documents and Settings\Iain\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Iain\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10433-to-0.2.2.10468-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader

"C:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\Valve\Steam\SteamApps\platinumgrif\team fortress 2\hl2.exe" = C:\Program Files\Valve\Steam\SteamApps\platinumgrif\team fortress 2\hl2.exe:*:Enabled:hl2

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile

"C:\WINDOWS\system32\regsvr32.exe" = C:\WINDOWS\system32\regsvr32.exe:*:Enabled:Microsoft© Register Server -- (Microsoft Corporation)

"C:\Program Files\Dragon Age\tools\GffEditor.exe" = C:\Program Files\Dragon Age\tools\GffEditor.exe:*:Enabled:Dragon Age Toolset GFF editor

"C:\Program Files\Dragon Age\tools\ErfEditor.exe" = C:\Program Files\Dragon Age\tools\ErfEditor.exe:*:Enabled:Dragon Age Toolset ERF editor

"C:\Program Files\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2

"C:\Program Files\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\UPlayBrowser.exe" = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\UPlayBrowser.exe:*:Enabled:UPlayBrowser Application

"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II

"C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15449\SC2.exe:*:Enabled:StarCraft II

"C:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.3.0.10522-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\Steam\steamapps\platinumgrif\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\platinumgrif\team fortress 2\hl2.exe:*:Enabled:hl2

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster

"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient

"C:\Program Files\World of Warcraft Beta\Launcher.exe" = C:\Program Files\World of Warcraft Beta\Launcher.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\BYOND\bin\byond.exe" = C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond -- ()

"C:\Program Files\World of Warcraft Beta\Temp\grunt-wow-4.0.0.1710-to-4.0.0.1743-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft Beta\Temp\grunt-wow-4.0.0.1710-to-4.0.0.1743-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game

"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher

"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater

"C:\Program Files\World of Warcraft Beta\Launcher.patch.exe" = C:\Program Files\World of Warcraft Beta\Launcher.patch.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Program Files\Steam\steamapps\common\dead rising 2\deadrising2.exe" = C:\Program Files\Steam\steamapps\common\dead rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 -- (CAPCOM CO., LTD.)

"C:\World of Warcraft\Launcher.patch.exe" = C:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher

"C:\World of Warcraft\Blizzard Downloader.exe" = C:\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe" = C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Enabled:Fallout3

"C:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = C:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R.: Shadow of Chernobyl -- ()

"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()

"C:\Program Files\Steam\steamapps\common\poker night at the inventory\CelebrityPoker.exe" = C:\Program Files\Steam\steamapps\common\poker night at the inventory\CelebrityPoker.exe:*:Enabled:Poker Night at the Inventory -- (Telltale Games)

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD

"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD

"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support

"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate II - Throne of Bhaal

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camer@

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFA05440-A429-4A60-84C9-16919C12876F}_is1" = Cabal Online 8.6.30.1

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype


Hello rakadaka! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Use regular mode for my instructions.

Step 1

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 2

Show the file extensions:

http://www.fileinfo.com/help/windows-show-extensions.html

Then go to C:\Program Files\Malwarebytes and rename mbam.exe to svchost.com.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. a new fresh OTL log

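Step 2 above works because this family of rogue antivirus rewrites the exefile open command so that every .exe launch is routed through its own binary, while a .com file is not affected; the MBAM log posted below confirms exactly that (Hijack.ExeFile, Broken.OpenCommand and the three PUM.Disabled.SecurityCenter values). The following audit script is an added example, not code from the thread or from Malwarebytes: it compares those registry values against the Windows defaults, flags an interposed program, and can read the live values with winreg on Windows. The SAMPLE_* dictionaries are constructed to mirror the log; the "%1" %* default and the Security Center value names are standard Windows values.

```python
"""Audit the .exe file association and Security Center notification values
that rogue antivirus software tampers with.  Added example, not part of the
forum thread.  Pure functions take dictionaries so the check runs offline;
read_live() uses winreg and therefore only works on Windows."""
import re
import sys

# Windows default: launch the program itself ("%1") with its arguments (%*).
GOOD_OPEN_COMMAND = '"%1" %*'

# HKLM\SOFTWARE\Microsoft\Security Center: 0 (or absent) = notify the user,
# 1 = notifications switched off, which is what PUM.Disabled.SecurityCenter flags.
SECURITY_CENTER_NOTIFY_VALUES = (
    "AntiVirusDisableNotify",
    "FirewallDisableNotify",
    "UpdatesDisableNotify",
)

# Matches "<some program>" ... "%1": another executable wrapping the real one.
_INTERPOSER = re.compile(
    r'^\s*"?(?P<prog>[^"]+?\.(?:exe|com|bat|cmd|scr))"?\s+.*"%1"', re.IGNORECASE
)


def classify_open_command(value):
    """Return ('ok', None) for the default command, ('hijacked', program) when
    another program wraps "%1", ('missing', None) for no value at all, or
    ('unexpected', normalized) for anything else that deserves a look."""
    if value is None:
        return ("missing", None)
    normalized = " ".join(value.split())  # collapse whitespace before comparing
    if normalized == GOOD_OPEN_COMMAND:
        return ("ok", None)
    m = _INTERPOSER.match(normalized)
    if m:
        return ("hijacked", m.group("prog"))
    return ("unexpected", normalized)


def audit(open_commands, security_center):
    """open_commands: {HKCR subkey -> (default) value or None}
    security_center: {value name -> int}
    Returns a list of (name, verdict, detail) findings; empty means clean."""
    findings = []
    for key, value in open_commands.items():
        if value is None:
            # .exe\shell\open\command does not exist on a default install; the
            # rogue creates it, so its absence is the healthy state.
            if key.lower().startswith(".exe"):
                continue
            findings.append((key, "missing", None))
            continue
        verdict, detail = classify_open_command(value)
        if verdict != "ok":
            findings.append((key, verdict, detail))
    for name in SECURITY_CENTER_NOTIFY_VALUES:
        v = security_center.get(name)
        if v is not None and v != 0:
            findings.append((name, "notifications-disabled", v))
    return findings


def read_live():
    """Read the same values from the local registry (Windows only)."""
    import winreg  # only available on Windows
    open_commands = {}
    for sub in (r"exefile\shell\open\command", r".exe\shell\open\command"):
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, sub) as k:
                open_commands[sub] = winreg.QueryValueEx(k, "")[0]
        except OSError:
            open_commands[sub] = None
    sc = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            r"SOFTWARE\Microsoft\Security Center") as k:
            for name in SECURITY_CENTER_NOTIFY_VALUES:
                try:
                    sc[name] = winreg.QueryValueEx(k, name)[0]
                except OSError:
                    pass
    except OSError:
        pass
    return open_commands, sc


# Constructed samples mirroring the infected state reported in the MBAM log.
_ROGUE = r'"C:\Documents and Settings\Iain\Local Settings\Application Data\fvt.exe" -a "%1" %*'
SAMPLE_INFECTED_OPEN_COMMANDS = {
    r"exefile\shell\open\command": _ROGUE,
    r".exe\shell\open\command": _ROGUE,
}
SAMPLE_INFECTED_SECURITY_CENTER = {
    "AntiVirusDisableNotify": 1, "FirewallDisableNotify": 1, "UpdatesDisableNotify": 1,
}
SAMPLE_CLEAN_OPEN_COMMANDS = {
    r"exefile\shell\open\command": GOOD_OPEN_COMMAND,
    r".exe\shell\open\command": None,
}
SAMPLE_CLEAN_SECURITY_CENTER = {"AntiVirusDisableNotify": 0}

if __name__ == "__main__":
    if sys.platform == "win32":
        findings = audit(*read_live())
    else:
        findings = audit(SAMPLE_INFECTED_OPEN_COMMANDS, SAMPLE_INFECTED_SECURITY_CENTER)
    for name, verdict, detail in findings or [("(none)", "clean", None)]:
        print(f"{verdict:22} {name}  {detail if detail is not None else ''}")
```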

Thank you for your reply. After following your instructions, these are the new logs:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6299

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/7/2011 8:27:08 AM

mbam-log-2011-04-07 (08-27-08).txt

Scan type: Quick scan

Objects scanned: 173063

Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

c:\documents and settings\Iain\local settings\application data\fvt.exe (Trojan.Agent) -> 1964 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Iain\Local Settings\Application Data\fvt.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Iain\local settings\Temp\0.5444158491941342.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\rnt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\ata.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\cjs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\djs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\fvt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\gxo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\jfo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\mef.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\mnj.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\qqm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\tjf.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\wtw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

OTL logfile created on: 4/7/2011 8:33:55 AM - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = E:\

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 139.42 Gb Free Space | 61.11% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 7.44 Gb Total Space | 7.43 Gb Free Space | 99.89% Space Free | Partition Type: FAT32

Computer Name: TALLON | User Name: Iain | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 20:12:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.scr

PRC - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/02/11 00:49:30 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/11/24 16:26:00 | 001,233,856 | ---- | M] (Simply Super Software) -- C:\Program Files\Trojan Remover\Trjscan.exe

PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

PRC - [2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Iain\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/20 20:58:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe

PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe

PRC - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

PRC - [2007/04/04 19:48:58 | 001,236,992 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2005/11/04 20:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

========== Modules (SafeList) ==========

MOD - [2011/04/06 20:12:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.scr

MOD - [2011/02/23 11:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPod Service)

SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc)

SRV - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)

SRV - [2009/08/10 14:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2007/11/15 11:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

========== Driver Services (SafeList) ==========

DRV - [2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/02/11 00:49:55 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2011/02/11 00:49:35 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)

DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys -- (SANDRA)

DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2008/02/25 09:44:38 | 001,172,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2008/02/25 09:44:22 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2008/02/25 09:44:08 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2008/02/25 09:44:00 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2008/02/25 09:43:56 | 000,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2008/02/25 09:43:30 | 000,346,856 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2008/02/25 09:43:24 | 000,524,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2008/02/25 09:43:16 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2008/02/25 09:41:50 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV - [2008/02/25 09:41:44 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)

DRV - [2008/02/25 09:41:36 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV - [2008/02/25 09:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV - [2008/02/25 09:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV - [2008/02/25 09:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)

DRV - [2008/02/25 09:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV - [2008/02/25 09:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV - [2008/02/25 09:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)

DRV - [2008/02/25 09:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)

DRV - [2008/02/25 09:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)

DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)

DRV - [2007/09/04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)

DRV - [2007/04/26 19:57:48 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15438&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Wowhead"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.ca"

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 08:53:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 08:53:41 | 000,000,000 | ---D | M]

[2009/07/24 22:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Extensions

[2011/04/04 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions

[2011/03/25 10:18:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/25 10:18:03 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/02/04 15:57:02 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\searchplugins\askcom.xml

[2008/03/23 02:08:08 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\searchplugins\wowhead.xml

[2011/04/04 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/03 13:48:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/29 17:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/10/16 14:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/10/16 14:57:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/12/31 05:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll

[2010/10/16 14:57:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Iain\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263779534890 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263779517515 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/27 20:29:00 | 007,983,911 | ---- | M] () - E:\autorun2k9f.upg -- [ FAT32 ]

O32 - AutoRun File - [2011/04/06 20:11:12 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\{04b97516-43e3-11de-a302-001aa0c18035}\Shell\AutoRun\command - "" = F:\WDSetup.exe

O33 - MountPoints2\{231e4084-382d-11de-a3a9-001aa0c18035}\Shell\AutoRun\command - "" = E:\podcastready.exe

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\My Digital Editions

[2011/03/29 13:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Local Settings\Application Data\Kobo

[2011/03/29 13:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kobo

[2011/03/29 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo

[2011/03/28 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\Farm Mania 2.1

[2011/03/28 15:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\ERS Game Studios

[2011/03/28 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Mania - Hot Vacation

[2011/03/28 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Farm Mania - Hot Vacation

[2011/03/28 15:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\PuppetShow - Lost Town Collector's Edition

[2011/03/28 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PuppetShow - Lost Town Collector's Edition

[2011/03/27 16:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\LDW

[2011/03/27 16:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Plant Tycoon

[2011/03/27 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Plant Tycoon

[2011/03/27 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\PlayFirst

[2011/03/27 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2011/03/27 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Garden Dash

[2011/03/27 16:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garden Dash

[2011/03/27 16:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2011/03/27 16:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient

[2011/03/27 16:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

[2011/03/27 16:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\Downloads

[2011/03/22 15:56:44 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll

[2011/03/22 15:56:44 | 000,021,504 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys

[2011/03/14 14:03:17 | 000,618,112 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PFC027.SYS

[2011/03/14 14:03:17 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe

[2011/03/14 14:03:17 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_080213.dll

[2011/03/14 14:03:16 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP207.ax

[2011/03/14 14:03:16 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P207USD.dll

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Camer@

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Aecotech

[2008/02/20 20:44:02 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[2007/12/27 13:13:26 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/07 08:31:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/07 08:29:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/07 08:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/07 08:20:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/07 08:12:21 | 000,016,858 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/07 08:12:21 | 000,016,858 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 19:03:41 | 000,517,858 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/06 19:03:41 | 000,102,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xbk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jpb.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ast.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aib.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yki.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yjn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kwn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hgd.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\fqv.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe

[2011/04/06 09:26:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe

[2011/04/02 01:23:00 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Iain\Desktop\World of Warcraft.lnk

[2011/03/29 13:46:30 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kobo.lnk

[2011/03/28 15:08:48 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk

[2011/03/27 16:11:08 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2011/03/27 16:11:08 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url

[2011/03/25 23:20:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/03/25 23:20:46 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/03/22 15:56:44 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll

[2011/03/22 15:56:44 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys

[2011/03/14 14:34:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/03/14 14:09:06 | 000,921,632 | ---- | M] () -- C:\PA207.DAT

[2011/03/09 05:00:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xbk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jpb.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ast.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aib.exe

[2011/04/06 09:26:04 | 000,016,858 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 09:26:04 | 000,016,858 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yki.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yjn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kwn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hgd.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fqv.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe

[2011/04/06 09:26:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe

[2011/03/29 13:46:30 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kobo.lnk

[2011/03/28 15:08:48 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk

[2011/03/27 16:11:08 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2011/03/27 16:11:08 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url

[2011/03/27 16:10:34 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk

[2011/03/27 16:10:34 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk

[2011/03/14 14:08:28 | 000,921,632 | ---- | C] () -- C:\PA207.DAT

[2011/03/14 14:03:17 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2011/03/14 14:03:16 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini

[2011/02/12 20:55:49 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2011/02/12 20:55:49 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2011/02/12 20:55:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2011/02/12 20:55:49 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2011/02/11 02:21:27 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2011/02/03 14:00:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/02/02 17:33:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/09/21 07:56:25 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb

[2010/09/21 07:54:47 | 013,893,632 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda

[2010/09/20 20:22:31 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/09/20 20:22:30 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/09/20 20:22:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/07/05 17:48:30 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2009/06/23 13:12:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2009/06/10 06:03:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/01/18 12:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/05/31 19:56:32 | 000,002,172 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2008/05/12 19:05:40 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2008/05/06 08:53:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2008/04/05 00:14:41 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/04/05 00:14:41 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Iain\Application Data\PnkBstrK.sys

[2008/04/05 00:14:25 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2008/04/05 00:14:23 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2008/04/05 00:14:21 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2008/03/22 19:04:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2008/02/25 14:55:32 | 000,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2008/02/20 21:00:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2008/02/20 20:58:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe

[2008/02/20 20:49:46 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2008/02/20 20:49:46 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2008/02/20 20:46:46 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe

[2008/02/20 20:46:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT

[2008/02/20 20:44:34 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT

[2008/02/20 20:44:26 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2008/02/20 20:44:26 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2008/02/20 20:44:10 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2008/02/20 20:44:10 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2008/02/20 20:44:08 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2008/01/19 11:57:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iain\Application Data\wklnhst.dat

[2008/01/15 20:38:10 | 000,000,684 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/12 14:22:59 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/11 21:03:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/01/11 20:58:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fusioncache.dat

[2007/12/27 13:40:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/12/27 13:33:26 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2007/12/27 13:33:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/12/27 13:08:54 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2007/12/27 13:08:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2007/12/27 13:08:53 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini

[2007/12/27 13:08:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2007/12/27 13:07:43 | 000,001,218 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll

[2007/03/12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/08/16 06:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/16 06:27:59 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/08/16 06:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/08/16 06:18:33 | 000,517,858 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/08/16 06:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/08/16 06:18:33 | 000,102,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/08/16 06:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/08/16 06:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/08/16 06:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/08/16 06:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/08/16 06:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/08/16 06:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/08/16 06:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/08/16 06:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2011/02/10 21:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2011/03/27 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2010/07/25 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2010/10/31 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3

[2008/05/20 22:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom

[2011/03/27 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/07/10 21:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2011/02/12 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2007/12/27 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2011/03/28 15:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/07/17 06:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2011/02/11 00:47:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

[2010/11/10 20:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\.minecraft

[2010/02/05 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\BitTorrent

[2011/03/28 15:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\ERS Game Studios

[2011/03/28 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Farm Mania 2.1

[2008/05/06 10:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Leadertech

[2009/06/07 10:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\LimeWire

[2010/10/19 14:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\MinecraftTools

[2009/08/29 09:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Octoshape

[2011/03/27 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\PlayFirst

[2011/02/12 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Simply Super Software

[2008/01/19 11:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Template

[2010/07/10 23:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Turbine

[2008/02/26 19:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Uniblue

[2011/04/07 08:31:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 712 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54380FEC

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073139EC

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36

< End of report >


Please visit www.virustotal.com and upload one by one the following files:

C:\Program Files\Mozilla Firefox\plugins\npbyond.dll

C:\WINDOWS\System32\killapps.exe

C:\WINDOWS\setpwr32.exe

C:\WINDOWS\System32\enlocstr.exe

Please post the results in your next reply.

I am currently unable to do this; everything appeared fine until I opened my browser to go to virustotal.com, and then XP Antivirus 2011 started up again and I can't do anything.

I am redoing previous steps to get back to this point now.

As far as I recall, Firefox is my only browser.

My apologies for not answering sooner; I was at work.

I was going to start uploading the files to virustotal.com as you instructed; however, Internet Explorer was not working, so I tried to use Firefox, and that caused XP Anti-Virus to start again.

I went back a step, ran Malwarebytes, removed everything that came up and rebooted. I then ran OTL once more and began uploading the files you posted one by one.

The following are the new Malwarebytes log, the OTL log and the VirusTotal result for each file you posted:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6299

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/7/2011 10:05:56 AM

mbam-log-2011-04-07 (10-05-56).txt

Scan type: Quick scan

Objects scanned: 173080

Time elapsed: 17 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malwarebytes' Anti-Malware (reboot) (Trojan.Agent) -> Value: Malwarebytes' Anti-Malware (reboot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\DOCUME~1\Iain\LOCALS~1\Temp\0.19710739376727338.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Iain\local settings\Temp\0.19710739376727338.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\qpk.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Iain\local settings\application data\xsl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

OTL logfile created on: 4/7/2011 6:44:12 PM - Run 4

OTL by OldTimer - Version 3.2.22.3 Folder = E:\

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228.13 Gb Total Space | 139.43 Gb Free Space | 61.12% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 7.44 Gb Total Space | 7.43 Gb Free Space | 99.89% Space Free | Partition Type: FAT32

Computer Name: TALLON | User Name: Iain | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 20:12:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.scr

PRC - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/02/11 00:49:30 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

PRC - [2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Iain\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/20 20:58:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe

PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe

PRC - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

PRC - [2007/04/04 19:48:58 | 001,236,992 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2005/11/04 20:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

========== Modules (SafeList) ==========

MOD - [2011/04/06 20:12:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.scr

MOD - [2011/02/23 11:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPod Service)

SRV - File not found [On_Demand | Stopped] -- -- (DAUpdaterSvc)

SRV - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)

SRV - [2009/08/10 14:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2007/11/15 11:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

========== Driver Services (SafeList) ==========

DRV - [2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/02/11 00:49:55 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2011/02/11 00:49:35 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)

DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys -- (SANDRA)

DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2008/02/25 09:44:38 | 001,172,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2008/02/25 09:44:22 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2008/02/25 09:44:08 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2008/02/25 09:44:00 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2008/02/25 09:43:56 | 000,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2008/02/25 09:43:30 | 000,346,856 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2008/02/25 09:43:24 | 000,524,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2008/02/25 09:43:16 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2008/02/25 09:41:50 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV - [2008/02/25 09:41:44 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)

DRV - [2008/02/25 09:41:36 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV - [2008/02/25 09:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV - [2008/02/25 09:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV - [2008/02/25 09:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)

DRV - [2008/02/25 09:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV - [2008/02/25 09:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV - [2008/02/25 09:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)

DRV - [2008/02/25 09:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)

DRV - [2008/02/25 09:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)

DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)

DRV - [2007/09/04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)

DRV - [2007/04/26 19:57:48 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2071227

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15438&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Wowhead"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.ca"

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 08:53:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 08:53:41 | 000,000,000 | ---D | M]

[2009/07/24 22:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Extensions

[2011/04/04 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions

[2011/03/25 10:18:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/25 10:18:03 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/02/04 15:57:02 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\searchplugins\askcom.xml

[2008/03/23 02:08:08 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Profiles\wfu3qzxy.default\searchplugins\wowhead.xml

[2011/04/04 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/03 13:48:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/29 17:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/10/16 14:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/10/16 14:57:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/12/31 05:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll

[2010/10/16 14:57:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Iain\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263779534890 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263779517515 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Iain\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/27 20:29:00 | 007,983,911 | ---- | M] () - E:\autorun2k9f.upg -- [ FAT32 ]

O32 - AutoRun File - [2011/04/06 20:11:12 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\{04b97516-43e3-11de-a302-001aa0c18035}\Shell\AutoRun\command - "" = F:\WDSetup.exe

O33 - MountPoints2\{231e4084-382d-11de-a3a9-001aa0c18035}\Shell\AutoRun\command - "" = E:\podcastready.exe

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 19:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\My Digital Editions

[2011/03/29 13:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Local Settings\Application Data\Kobo

[2011/03/29 13:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kobo

[2011/03/29 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo

[2011/03/28 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\Farm Mania 2.1

[2011/03/28 15:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\ERS Game Studios

[2011/03/28 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Mania - Hot Vacation

[2011/03/28 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Farm Mania - Hot Vacation

[2011/03/28 15:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\PuppetShow - Lost Town Collector's Edition

[2011/03/28 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PuppetShow - Lost Town Collector's Edition

[2011/03/27 16:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\LDW

[2011/03/27 16:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Plant Tycoon

[2011/03/27 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Plant Tycoon

[2011/03/27 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\Application Data\PlayFirst

[2011/03/27 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2011/03/27 16:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Garden Dash

[2011/03/27 16:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garden Dash

[2011/03/27 16:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2011/03/27 16:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient

[2011/03/27 16:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

[2011/03/27 16:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Iain\My Documents\Downloads

[2011/03/22 15:56:44 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll

[2011/03/22 15:56:44 | 000,021,504 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys

[2011/03/14 14:03:17 | 000,618,112 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PFC027.SYS

[2011/03/14 14:03:17 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe

[2011/03/14 14:03:17 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_080213.dll

[2011/03/14 14:03:16 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP207.ax

[2011/03/14 14:03:16 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P207USD.dll

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Camer@

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207

[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Aecotech

[2008/02/20 20:44:02 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[2007/12/27 13:13:26 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/07 18:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/07 17:20:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/07 10:10:49 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/07 10:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/07 09:19:26 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Iain\Desktop\Shortcut to Malwarebytes' Anti-Malware.lnk

[2011/04/07 09:19:07 | 000,017,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\325cq8r6ceko405fg

[2011/04/07 09:19:06 | 000,017,144 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\325cq8r6ceko405fg

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\vbv.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sbk.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rbi.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\obo.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mem.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ipf.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\grw.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fgh.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cyq.exe

[2011/04/07 08:12:21 | 000,016,858 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/07 08:12:21 | 000,016,858 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 19:03:41 | 000,517,858 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/06 19:03:41 | 000,102,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xbk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jpb.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ast.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aib.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yki.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yjn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kwn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hgd.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\fqv.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe

[2011/04/06 09:26:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe

[2011/04/02 01:23:00 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Iain\Desktop\World of Warcraft.lnk

[2011/03/29 13:46:30 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kobo.lnk

[2011/03/28 15:08:48 | 000,001,216 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk

[2011/03/27 16:11:08 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2011/03/27 16:11:08 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url

[2011/03/25 23:20:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/03/25 23:20:46 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Iain\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/03/22 15:56:44 | 000,037,376 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll

[2011/03/22 15:56:44 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys

[2011/03/14 14:34:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2011/03/14 14:09:06 | 000,921,632 | ---- | M] () -- C:\PA207.DAT

[2011/03/09 05:00:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/07 09:19:26 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Iain\Desktop\Shortcut to Malwarebytes' Anti-Malware.lnk

[2011/04/07 09:17:17 | 000,017,144 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\325cq8r6ceko405fg

[2011/04/07 09:17:17 | 000,017,144 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\325cq8r6ceko405fg

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\vbv.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sbk.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rbi.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\obo.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mem.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ipf.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\grw.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fgh.exe

[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cyq.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xbk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jpb.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ast.exe

[2011/04/06 09:26:18 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aib.exe

[2011/04/06 09:26:04 | 000,016,858 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 09:26:04 | 000,016,858 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yki.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yjn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kwn.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hgd.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fqv.exe

[2011/04/06 09:26:04 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe

[2011/04/06 09:26:03 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe

[2011/03/29 13:46:30 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kobo.lnk

[2011/03/28 15:08:48 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk

[2011/03/27 16:11:08 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2011/03/27 16:11:08 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url

[2011/03/27 16:10:34 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk

[2011/03/27 16:10:34 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk

[2011/03/14 14:08:28 | 000,921,632 | ---- | C] () -- C:\PA207.DAT

[2011/03/14 14:03:17 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2011/03/14 14:03:16 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini

[2011/02/12 20:55:49 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2011/02/12 20:55:49 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2011/02/12 20:55:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2011/02/12 20:55:49 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2011/02/11 02:21:27 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2011/02/03 14:00:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/02/02 17:33:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/09/21 07:56:25 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb

[2010/09/21 07:54:47 | 013,893,632 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda

[2010/09/20 20:22:31 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/09/20 20:22:30 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/09/20 20:22:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/07/05 17:48:30 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2009/06/23 13:12:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2009/06/10 06:03:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/01/18 12:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/05/31 19:56:32 | 000,002,172 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2008/05/12 19:05:40 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2008/05/06 08:53:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2008/04/05 00:14:41 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/04/05 00:14:41 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Iain\Application Data\PnkBstrK.sys

[2008/04/05 00:14:25 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2008/04/05 00:14:23 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2008/04/05 00:14:21 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2008/03/22 19:04:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2008/02/25 14:55:32 | 000,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2008/02/20 21:00:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2008/02/20 20:58:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe

[2008/02/20 20:49:46 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2008/02/20 20:49:46 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2008/02/20 20:46:46 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe

[2008/02/20 20:46:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT

[2008/02/20 20:44:34 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT

[2008/02/20 20:44:26 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2008/02/20 20:44:26 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2008/02/20 20:44:10 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2008/02/20 20:44:10 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2008/02/20 20:44:08 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2008/01/19 11:57:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Iain\Application Data\wklnhst.dat

[2008/01/15 20:38:10 | 000,000,684 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/01/12 14:22:59 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/11 21:03:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/01/11 20:58:26 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fusioncache.dat

[2007/12/27 13:40:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/12/27 13:33:26 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2007/12/27 13:33:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/12/27 13:08:54 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2007/12/27 13:08:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2007/12/27 13:08:53 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini

[2007/12/27 13:08:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2007/12/27 13:07:43 | 000,001,218 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll

[2007/03/12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/08/16 06:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/08/16 06:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/16 06:27:59 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/08/16 06:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/08/16 06:18:33 | 000,517,858 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/08/16 06:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/08/16 06:18:33 | 000,102,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/08/16 06:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/08/16 06:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/08/16 06:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/08/16 06:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/08/16 06:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/08/16 06:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/08/16 06:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/08/16 06:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2011/02/10 21:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2011/03/27 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games

[2010/07/25 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2010/10/31 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3

[2008/05/20 22:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom

[2011/03/27 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/07/10 21:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2011/02/12 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2007/12/27 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2011/03/28 15:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/07/17 06:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2011/02/11 00:47:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

[2010/11/10 20:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\.minecraft

[2010/02/05 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\BitTorrent

[2011/03/28 15:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\ERS Game Studios

[2011/03/28 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Farm Mania 2.1

[2008/05/06 10:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Leadertech

[2009/06/07 10:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\LimeWire

[2010/10/19 14:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\MinecraftTools

[2009/08/29 09:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Octoshape

[2011/03/27 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\PlayFirst

[2011/02/12 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Simply Super Software

[2008/01/19 11:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Template

[2010/07/10 23:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Turbine

[2008/02/26 19:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\Uniblue

[2011/04/07 10:10:49 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 712 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54380FEC

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073139EC

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36

< End of report >
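The entries worth a responder's attention in the log above are the hidden+system, zero-byte executables with three-letter names (vbv.exe, sbk.exe, rbi.exe, ...) and the extensionless random-named files (325cq8r6ceko405fg, h1ak21a17g2b8yl770cwuriv0x1r5e) that landed in Application Data within the same second, with no company name. The script below is an added example, not part of the original thread and not OTL's own code: it parses OTL "Files Created/Modified" lines and flags that pattern. The name heuristics, the burst threshold and the folder markers are assumptions chosen for this log; the sample lines are copied from the report above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# OTL file entry layout: [date time | size | attrs | C/M] (company) -- path
# Directory entries omit the "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumptions: profile data folders on XP/Vista+ and name patterns seen in this log.
APPDATA_MARKERS = ("\\application data\\", "\\appdata\\")
RANDOM_EXE = re.compile(r"^[a-z]{3}\.exe$", re.I)          # e.g. vbv.exe
RANDOM_BLOB = re.compile(r"^[a-z0-9]{12,}$", re.I)         # e.g. 325cq8r6ceko405fg

@dataclass
class Entry:
    ts: str
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_otl_line(line: str):
    """Return an Entry for an OTL file line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]  # positions: R, H, S, D
    return Entry(
        ts=m["ts"],
        size=int(m["size"].replace(",", "")),
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        company=(m["company"] or "").strip(),
        path=m["path"],
    )

def suspicion_reasons(e: Entry):
    """Heuristic indicators for a single entry (empty list = nothing notable)."""
    reasons = []
    if e.is_dir:
        return reasons
    in_appdata = any(mk in e.path.lower() for mk in APPDATA_MARKERS)
    if e.hidden and e.system and in_appdata:
        reasons.append("hidden+system file in a profile data folder")
    if e.name.lower().endswith(".exe") and e.size == 0:
        reasons.append("zero-byte executable")
    if RANDOM_EXE.match(e.name) and not e.company:
        reasons.append("three-letter random name, no company")
    if RANDOM_BLOB.match(e.name) and in_appdata:
        reasons.append("extensionless random-looking name")
    return reasons

def triage(lines, burst_threshold: int = 5):
    """Return (findings, bursts): flagged paths with reasons, and timestamps
    at which at least burst_threshold files were written (dropper behaviour)."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    findings, by_ts = [], defaultdict(list)
    for e in entries:
        if reasons := suspicion_reasons(e):
            findings.append((e.path, reasons))
        by_ts[e.ts].append(e)
    bursts = {ts: len(v) for ts, v in by_ts.items() if len(v) >= burst_threshold}
    return findings, bursts

# Constructed sample: lines copied from the OTL report above, plus benign ones.
SAMPLE = r"""
[2011/04/07 09:17:17 | 000,017,144 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\325cq8r6ceko405fg
[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\vbv.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sbk.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rbi.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\obo.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mem.exe
[2011/04/06 09:26:04 | 000,016,858 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e
[2011/03/22 15:56:44 | 000,037,376 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2011/03/29 13:46:30 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kobo.lnk
[2011/04/07 10:07:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/14 14:08:28 | 000,921,632 | ---- | C] () -- C:\PA207.DAT
[2011/03/14 14:03:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
"""

if __name__ == "__main__":
    found, bursts = triage(SAMPLE.splitlines())
    for path, reasons in found:
        print(path, "->", "; ".join(reasons))
    for ts, n in bursts.items():
        print(f"{n} files written at {ts} (burst)")
```

Run it against a full OTL log by passing the file's lines to triage(); the burst check is what separates a dropper's write storm from a legitimate installer, which normally carries a company name and lands under Program Files.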

Compact Print results

Antivirus Version Last Update Result

AhnLab-V3 2011.02.14.02 2011.02.14 -

AntiVir 7.11.3.164 2011.02.19 -

Antiy-AVL 2.0.3.7 2011.02.19 -

Avast 4.8.1351.0 2011.02.20 -

Avast5 5.0.677.0 2011.02.20 -

AVG 10.0.0.1190 2011.02.19 -

BitDefender 7.2 2011.02.20 -

CAT-QuickHeal 11.00 2011.02.19 -

ClamAV 0.96.4.0 2011.02.19 -

Commtouch 5.2.11.5 2011.02.19 -

Comodo 7741 2011.02.19 -

DrWeb 5.0.2.03300 2011.02.19 -

Emsisoft 5.1.0.2 2011.02.19 -

eSafe 7.0.17.0 2011.02.17 -

eTrust-Vet 36.1.8170 2011.02.18 -

F-Prot 4.6.2.117 2011.02.19 -

F-Secure 9.0.16160.0 2011.02.19 -

Fortinet 4.2.254.0 2011.02.19 -

GData 21 2011.02.19 -

Ikarus T3.1.1.97.0 2011.02.19 -

Jiangmin 13.0.900 2011.02.19 -

K7AntiVirus 9.87.3906 2011.02.19 -

Kaspersky 7.0.0.125 2011.02.19 -

McAfee 5.400.0.1158 2011.02.20 -

McAfee-GW-Edition 2010.1C 2011.02.19 -

Microsoft 1.6502 2011.02.19 -

NOD32 5889 2011.02.19 -

Norman 6.07.03 2011.02.19 -

nProtect 2011-02-10.01 2011.02.15 -

Panda 10.0.3.5 2011.02.19 -

PCTools 7.0.3.5 2011.02.19 -

Prevx 3.0 2011.02.20 -

Rising 23.45.04.06 2011.02.18 -

Sophos 4.61.0 2011.02.19 -

SUPERAntiSpyware 4.40.0.1006 2011.02.19 -

Symantec 20101.3.0.103 2011.02.19 -

TheHacker 6.7.0.1.132 2011.02.17 -

TrendMicro 9.200.0.1012 2011.02.19 -

TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -

VBA32 3.12.14.3 2011.02.18 -

VIPRE 8477 2011.02.19 -

ViRobot 2011.2.19.4319 2011.02.19 -

VirusBuster 13.6.209.3 2011.02.19 -

Additional information

MD5 : 4c5f06b81921bd513429e354e1e3e981

SHA1 : c831ad07cb7be10a8d8f61f07fc38c0e698269b9

SHA256: ed6d6bb0275e02dcd6353e98a6b4fff5a261df6e7588219fd1e2a642baae2f22

ssdeep: 384:yZ852KoSPBFTh+jTy8mlc0u3i/GygLq/QKchv1oZuSQKkJ:yZxK9P/T0Pt3iOc/Q31oqKk

File size : 40960 bytes

First seen: 2011-02-19 23:54:04

Last seen : 2011-02-19 23:54:04

Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: BYOND

copyright....: Copyright 2008

product......: BYOND stub plugin for Mozilla

description..: npbyond

original name: npbyond.dll

internal name: npbyond

file version.: 1, 0, 0, 1

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: Armadillo v1.xx - v2.xx

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x1B67

timedatestamp....: 0x4872399C (Mon Jul 07 15:43:24 2008)

machinetype......: 0x14C (Intel I386)

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x4105, 0x5000, 5.77, 310f2ca435b86041cc03a62ad6ac2837

.rdata, 0x6000, 0x9DE, 0x1000, 3.77, 02f1796b281bdaa9991af7d145068231

.data, 0x7000, 0xAE0, 0x1000, 0.91, 544fb67597bf97b73877a2fc7224c9f1

.rsrc, 0x8000, 0x448, 0x1000, 1.12, 03cca660823deb6793e184fb171eac8b

.reloc, 0x9000, 0x618, 0x1000, 2.69, 47f2512866c215193abbb78c1c82ef6f

[[ 1 import(s) ]]

kernel32.dll: RtlUnwind, GetCommandLineA, GetVersion, HeapFree, HeapAlloc, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, ExitProcess, TerminateProcess, GetCurrentProcess, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, VirtualAlloc, HeapReAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW

[[ 3 export(s) ]]

NP_GetEntryPoints, NP_Initialize, NP_Shutdown

ExifTool:

-

Antivirus Version Last Update Result

AhnLab-V3 2011.04.08.00 2011.04.07 -

AntiVir 7.11.6.4 2011.04.07 -

Antiy-AVL 2.0.3.7 2011.04.06 -

Avast 4.8.1351.0 2011.04.07 -

Avast5 5.0.677.0 2011.04.01 -

AVG 10.0.0.1190 2011.04.07 -

BitDefender 7.2 2011.04.08 -

CAT-QuickHeal 11.00 2011.04.07 -

ClamAV 0.97.0.0 2011.04.07 -

Commtouch 5.2.11.5 2011.04.06 -

Comodo 8259 2011.04.07 -

DrWeb 5.0.2.03300 2011.04.07 -

eSafe 7.0.17.0 2011.04.07 -

eTrust-Vet 36.1.8259 2011.04.07 -

F-Prot 4.6.2.117 2011.04.07 -

F-Secure 9.0.16440.0 2011.04.08 -

Fortinet 4.2.254.0 2011.04.07 -

GData 22 2011.04.07 -

Ikarus T3.1.1.103.0 2011.04.07 -

Jiangmin 13.0.900 2011.04.07 -

K7AntiVirus 9.96.4320 2011.04.07 -

Kaspersky 7.0.0.125 2011.04.07 -

McAfee 5.400.0.1158 2011.04.08 -

McAfee-GW-Edition 2010.1C 2011.04.07 -

Microsoft 1.6702 2011.04.07 -

NOD32 6024 2011.04.08 -

Norman 6.07.07 2011.04.07 -

Panda 10.0.3.5 2011.04.07 -

PCTools 7.0.3.5 2011.04.07 -

Prevx 3.0 2011.04.08 -

Rising 23.52.03.06 2011.04.07 -

Sophos 4.64.0 2011.04.08 -

SUPERAntiSpyware 4.40.0.1006 2011.04.07 -

Symantec 20101.3.2.89 2011.04.08 -

TheHacker 6.7.0.1.168 2011.04.07 -

TrendMicro 9.200.0.1012 2011.04.07 -

TrendMicro-HouseCall 9.200.0.1012 2011.04.08 -

VBA32 3.12.14.3 2011.04.07 -

VIPRE 8949 2011.04.07 -

ViRobot 2011.4.7.4398 2011.04.07 -

VirusBuster 13.6.293.1 2011.04.07 -

Additional information

MD5 : 06babe206f29efa5781fec69e760a313

SHA1 : b685e7f0ccb1db79dd66cb2e249d1334319317e0

SHA256: f88df50c6935aec5bee99df477c3ca1a4b024db938282daad19548a9125284d7

ssdeep: 192:IpI4eKabeTykGcpn6Ldz8izGuvS/yXdNW+YCCD3RYYLk4x:I1vTrK8FuKqXqCtk

File size : 10240 bytes

First seen: 2009-05-10 22:21:20

Last seen : 2011-04-07 22:45:21

TrID:

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....:

copyright....: Copyright © 2003-2004

product......: killapps

description..: killapps

original name: killapps.exe

internal name: killapps

file version.: 1, 0, 0, 1

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2413

timedatestamp....: 0x47BC2092 (Wed Feb 20 12:44:02 2008)

machinetype......: 0x14c (I386)

[[ 3 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x1CD0, 0x1E00, 6.20, e6f939229f77b369be75bc9e9027805a

.data, 0x3000, 0x12360, 0x200, 0.14, 45d329595af51e9d6c5d7506ecadc3e2

.rsrc, 0x16000, 0x390, 0x400, 2.90, bf689bb1a8d20fa7de596431d66ee71d

[[ 6 import(s) ]]

MFC42.dll: -

msvcrt.dll: __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _except_handler3, _exit, _c_exit, calloc, toupper, printf, sprintf, malloc, isdigit, atol, free, realloc, _controlfp, _XcptFilter, _stricmp

ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey, LookupPrivilegeValueA, OpenProcessToken, AdjustTokenPrivileges

KERNEL32.dll: GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetCurrentDirectoryA, CreateFileA, GetFileSize, GetPrivateProfileSectionA, GetVersionExA, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, GetLastError, WideCharToMultiByte, GetModuleHandleA, GetProcAddress, lstrlenA, lstrcpyA, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoA, OpenProcess

USER32.dll: GetWindowThreadProcessId, GetWindowTextA, SendMessageA, EnumWindows

ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 7680

Comments:

CompanyName:

EntryPoint: 0x2413

FileDescription: killapps

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 10 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 1, 0, 0, 1

FileVersionNumber: 1.0.0.1

ImageVersion: 5.2

InitializedDataSize: 75776

InternalName: killapps

LanguageCode: English (U.S.)

LegalCopyright: Copyright 2003-2004

LegalTrademarks:

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.2

ObjectFileType: Executable application

OriginalFilename: killapps.exe

PEType: PE32

PrivateBuild:

ProductName: killapps

ProductVersion: 1, 0, 0, 1

ProductVersionNumber: 1.0.0.1

SpecialBuild:

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2008:02:20 13:44:02+01:00

UninitializedDataSize: 0

Antivirus Version Last Update Result

AhnLab-V3 2011.03.31.03 2011.03.31 -

AntiVir 7.11.5.147 2011.03.31 -

Antiy-AVL 2.0.3.7 2011.03.30 -

Avast 4.8.1351.0 2011.03.31 -

Avast5 5.0.677.0 2011.03.31 -

AVG 10.0.0.1190 2011.03.31 -

BitDefender 7.2 2011.03.31 -

CAT-QuickHeal 11.00 2011.03.31 -

ClamAV 0.97.0.0 2011.03.31 -

Commtouch 5.2.11.5 2011.03.24 -

Comodo 8172 2011.03.31 -

DrWeb 5.0.2.03300 2011.03.31 -

eSafe 7.0.17.0 2011.03.31 -

eTrust-Vet 36.1.8245 2011.03.31 -

F-Prot 4.6.2.117 2011.03.31 -

F-Secure 9.0.16440.0 2011.03.23 -

Fortinet 4.2.254.0 2011.03.31 -

GData 22 2011.03.31 -

Ikarus T3.1.1.103.0 2011.03.31 -

Jiangmin 13.0.900 2011.03.31 -

K7AntiVirus 9.96.4251 2011.03.31 -

McAfee 5.400.0.1158 2011.03.31 -

McAfee-GW-Edition 2010.1C 2011.03.31 -

Microsoft 1.6702 2011.03.31 -

NOD32 6001 2011.03.31 -

Norman 6.07.03 2011.03.31 -

nProtect 2011-02-10.01 2011.02.15 -

Panda 10.0.3.5 2011.03.31 -

PCTools 7.0.3.5 2011.03.30 -

Prevx 3.0 2011.03.31 -

Rising 23.51.03.06 2011.03.31 -

Sophos 4.64.0 2011.03.31 -

SUPERAntiSpyware 4.40.0.1006 2011.03.31 -

Symantec 20101.3.2.89 2011.03.31 -

TheHacker 6.7.0.1.162 2011.03.31 -

TrendMicro 9.200.0.1012 2011.03.31 -

TrendMicro-HouseCall 9.200.0.1012 2011.03.31 -

VBA32 3.12.14.3 2011.03.31 -

VIPRE 8877 2011.03.31 -

ViRobot 2011.3.31.4386 2011.03.31 -

VirusBuster 13.6.279.0 2011.03.31 -

Additional information

MD5 : f83d2ea22cbac284c56d5ac4122ab5a3

SHA1 : 04fb6453fd1bd50428a2dff82cfa0408b79233b3

SHA256: dcffdad15721b3d450f4e7c9e84e4678ddf761697878e6384ed0f7564106f4f0

ssdeep: 768:qiBxRpCIt9aOX2U/Ey7E0zfMbqbqdPCBZsjBxL94ly4KloU3+cVDjj1oMtZgb9sK:qiXbjraOLqiMubrrsR4wplj1cZif0P

File size : 77824 bytes

First seen: 2009-03-03 21:13:04

Last seen : 2011-03-31 15:34:42

Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID:

Win64 Executable Generic (59.6%)

Win32 Executable MS Visual C++ (generic) (26.2%)

Win32 Executable Generic (5.9%)

Win32 Dynamic Link Library (generic) (5.2%)

Generic Win/DOS Executable (1.3%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x5B30

timedatestamp....: 0x44D0EEF1 (Wed Aug 02 18:29:05 2006)

machinetype......: 0x14C (Intel I386)

[[ 3 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0xA468, 0xB000, 6.27, fdc2018149389fb80c33b13522ef0637

.rdata, 0xC000, 0x104C, 0x2000, 3.05, 3ae979b3782f1fe98c85083476fcd0ff

.data, 0xE000, 0x9A58, 0x5000, 3.16, a4cf83a5cafda36d7346fae1b7682e41

ThreatExpert:

http://www.threatexpert.com/report.aspx?md5=f83d2ea22cbac284c56d5ac4122ab5a3

ExifTool:

file metadata

CodeSize: 45056

EntryPoint: 0x5b30

FileSize: 76 kB

FileType: Win32 EXE

ImageVersion: 0.0

InitializedDataSize: 49152

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

PEType: PE32

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2006:08:02 20:29:05+02:00

UninitializedDataSize: 0

Symantec reputation: Suspicious.Insight

Antivirus Version Last Update Result

AhnLab-V3 2011.04.08.00 2011.04.07 -

AntiVir 7.11.6.4 2011.04.07 -

Antiy-AVL 2.0.3.7 2011.04.06 -

Avast 4.8.1351.0 2011.04.07 -

Avast5 5.0.677.0 2011.04.01 -

AVG 10.0.0.1190 2011.04.07 -

BitDefender 7.2 2011.04.08 -

CAT-QuickHeal 11.00 2011.04.07 -

ClamAV 0.97.0.0 2011.04.07 -

Commtouch 5.2.11.5 2011.04.06 -

Comodo 8259 2011.04.07 -

DrWeb 5.0.2.03300 2011.04.08 -

eSafe 7.0.17.0 2011.04.07 -

eTrust-Vet 36.1.8259 2011.04.07 -

F-Prot 4.6.2.117 2011.04.07 -

F-Secure 9.0.16440.0 2011.04.08 -

Fortinet 4.2.254.0 2011.04.07 -

GData 22 2011.04.08 -

Ikarus T3.1.1.103.0 2011.04.07 -

Jiangmin 13.0.900 2011.04.07 -

K7AntiVirus 9.96.4320 2011.04.07 -

Kaspersky 7.0.0.125 2011.04.07 -

McAfee 5.400.0.1158 2011.04.08 -

McAfee-GW-Edition 2010.1C 2011.04.07 -

Microsoft 1.6702 2011.04.07 -

NOD32 6024 2011.04.08 -

Norman 6.07.07 2011.04.07 -

Panda 10.0.3.5 2011.04.07 -

PCTools 7.0.3.5 2011.04.07 -

Prevx 3.0 2011.04.08 -

Rising 23.52.03.06 2011.04.07 -

Sophos 4.64.0 2011.04.08 -

SUPERAntiSpyware 4.40.0.1006 2011.04.07 -

Symantec 20101.3.2.89 2011.04.08 -

TheHacker 6.7.0.1.168 2011.04.07 -

TrendMicro 9.200.0.1012 2011.04.07 -

TrendMicro-HouseCall 9.200.0.1012 2011.04.08 -

VBA32 3.12.14.3 2011.04.07 -

VIPRE 8949 2011.04.07 -

ViRobot 2011.4.7.4398 2011.04.07 -

VirusBuster 13.6.293.1 2011.04.07 -

Additional information

MD5 : 228a21b3cad3e106170f7678b9dc3de3

SHA1 : a139333c5e99ae5680fee5dacd68d43b5e5872ca

SHA256: de0d911ae600ce639fe77d166434fc75a569923a6be7997958f66f169b77251a

ssdeep: 96:hm/gMhmRxWw3yuMDj6QK3/H7KBCDjY7AEk:hhMSZGXYaCDjWrk

File size : 5120 bytes

First seen: 2010-02-01 11:52:25

Last seen : 2011-04-07 22:51:33

TrID:

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x169F

timedatestamp....: 0x47BC2097 (Wed Feb 20 12:44:07 2008)

machinetype......: 0x14c (I386)

[[ 2 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0xC80, 0xE00, 5.57, 63d34ade73786bc934efef34688b8afa

.data, 0x2000, 0x350, 0x200, 0.14, 1a148fbd9c1a66f14a5d21d0375fe550

[[ 4 import(s) ]]

MFC42.dll: -

msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, malloc, free

ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegCreateKeyExA

KERNEL32.dll: UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, SetUnhandledExceptionFilter, FreeLibrary, GetStartupInfoA, GetProcAddress

ExifTool:

file metadata

CodeSize: 3584

EntryPoint: 0x169f

FileSize: 5.0 kB

FileType: Win32 EXE

ImageVersion: 5.2

InitializedDataSize: 1024

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.2

PEType: PE32

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2008:02:20 13:44:07+01:00

UninitializedDataSize: 0


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wowhead"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[2011/04/07 09:19:07 | 000,017,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\325cq8r6ceko405fg
[2011/04/07 09:19:06 | 000,017,144 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\325cq8r6ceko405fg
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\vbv.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sbk.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rbi.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\obo.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\mem.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ipf.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\grw.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fgh.exe
[2011/04/07 09:17:17 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\cyq.exe
[2011/04/07 08:12:21 | 000,016,858 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e
[2011/04/07 08:12:21 | 000,016,858 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xbk.exe
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jpb.exe
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ast.exe
[2011/04/06 09:26:18 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aib.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yki.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yjn.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kwn.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hgd.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\fqv.exe
[2011/04/06 09:26:04 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe
[2011/04/06 09:26:03 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe
@Alternate Data Stream - 712 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54380FEC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073139EC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36
[2009/06/07 10:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Iain\Application Data\LimeWire

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" =-
"C:\Program Files\BitTorrent\bittorrent.exe" =-

:Commands
[purity]
[emptytemp]
[emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "Wowhead" removed from browser.search.selectedEngine

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\SET3E.tmp deleted successfully.

C:\WINDOWS\System32\SET43.tmp deleted successfully.

C:\WINDOWS\System32\SET7.tmp deleted successfully.

C:\WINDOWS\System32\SET8.tmp deleted successfully.

C:\WINDOWS\System32\tmp14.tmp deleted successfully.

C:\WINDOWS\003168_.tmp deleted successfully.

C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.

C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\Documents and Settings\All Users\Application Data\xml5B.tmp deleted successfully.

C:\Documents and Settings\All Users\Application Data\xml5C.tmp deleted successfully.

C:\Documents and Settings\All Users\Application Data\xml5D.tmp deleted successfully.

C:\NV38043808.TMP folder deleted successfully.

C:\NV38123816.TMP folder deleted successfully.

C:\Documents and Settings\All Users\Application Data\325cq8r6ceko405fg moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\325cq8r6ceko405fg moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\vbv.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\sbk.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\rbi.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\obo.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\mem.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\ipf.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\grw.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\fgh.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\cyq.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e moved successfully.

C:\Documents and Settings\All Users\Application Data\h1ak21a17g2b8yl770cwuriv0x1r5e moved successfully.

C:\Documents and Settings\All Users\Application Data\xbk.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\pgk.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\jpb.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\hmm.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\gpm.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\gkk.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\ast.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\aib.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\yki.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\yjn.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\tbr.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\nxs.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\kwn.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\hgd.exe moved successfully.

C:\Documents and Settings\All Users\Application Data\fqv.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\fqu.exe moved successfully.

C:\Documents and Settings\Iain\Local Settings\Application Data\ynp.exe moved successfully.

ADS C:\Documents and Settings\All Users\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:54380FEC deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:073139EC deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:241FA548 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36 deleted successfully.

C:\Documents and Settings\Iain\Application Data\LimeWire\xml\data folder moved successfully.

C:\Documents and Settings\Iain\Application Data\LimeWire\xml folder moved successfully.

C:\Documents and Settings\Iain\Application Data\LimeWire\themes\windows_theme folder moved successfully.

C:\Documents and Settings\Iain\Application Data\LimeWire\themes folder moved successfully.

C:\Documents and Settings\Iain\Application Data\LimeWire\.NetworkShare folder moved successfully.

C:\Documents and Settings\Iain\Application Data\LimeWire\.AppSpecialShare folder moved successfully.

C:\Documents and Settings\Iain\Application Data\LimeWire folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 32768 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User

->Temp folder emptied: 32768 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Iain

->Temp folder emptied: 2059782006 bytes

->Temporary Internet Files folder emptied: 29502738 bytes

->Java cache emptied: 12000463 bytes

->FireFox cache emptied: 132873270 bytes

->Google Chrome cache emptied: 8452848 bytes

->Flash cache emptied: 2424643 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 3214428 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 930667438 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13021202 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes

RecycleBin emptied: 1849274 bytes

Total Files Cleaned = 3,046.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Iain

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04082011_175558

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...


Everything appears normal now, but my Microsoft Security Center indicated that automatic updates are off; when I checked Control Panel > System > Automatic Updates, it shows as on.

If it should turn out that my computer is still infected how should I repost here?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.