"xp antivirus pro" defies removal

"xp antivirus pro" defies removal

Post by Linoze on 6th February 2010, 10:43 pm

Windows XP


Re: "xp antivirus pro" defies removal

Post by Belahzur on 7th February 2010, 1:16 am

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



XP Antivirus Pro Defies Removal: otl;otl extra

Post by Linoze on 7th February 2010, 2:08 am

OTL logfile created on: 2/6/2010 8:47:41 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Evie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.46 Gb Total Space | 1.41 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIVALICIOUS
Current User Name: Evie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/06 20:47:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evie\Desktop\OTL.exe
PRC - [2010/02/05 23:31:09 | 000,277,504 | -HS- | M] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\av.exe
PRC - [2010/01/08 01:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/11/24 15:48:30 | 000,184,752 | ---- | M] () -- C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/12 10:03:32 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/03 10:04:58 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office12\GrooveMonitor.exe
PRC - [2008/08/26 19:58:02 | 000,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
PRC - [2007/02/07 20:36:28 | 001,037,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2007/02/07 20:21:08 | 000,018,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2006/11/25 01:05:50 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/06/01 00:46:16 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/08/04 04:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pace University\PaceVPN Client\cvpnd.exe
PRC - [2004/05/27 19:50:06 | 000,045,056 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/06 20:47:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evie\Desktop\OTL.exe
MOD - [2009/11/12 10:03:32 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/12 10:03:32 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/11/02 16:22:17 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/15 18:49:00 | 003,042,652 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/14 11:47:50 | 000,200,704 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\windows\System32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/26 19:58:02 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2007/04/06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2007/02/07 20:21:08 | 000,018,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/06/03 03:28:34 | 000,372,809 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/06/03 03:25:56 | 000,086,016 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/06/03 03:25:20 | 000,139,264 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/06/01 00:50:16 | 000,098,304 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe -- (OwnershipProtocol)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 04:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Pace University\PaceVPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/05/27 19:50:06 | 000,045,056 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe -- (PDUiP6000DMemCrdMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/11/28 17:33:55 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009/11/28 17:33:45 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009/11/12 10:03:32 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/12 10:03:32 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/12 10:03:32 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/30 11:11:00 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/03 09:45:12 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/27 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/14 11:58:12 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008/11/14 11:58:08 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/09 17:25:04 | 000,067,784 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2006/03/23 14:47:06 | 001,166,972 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/08/25 19:14:31 | 000,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/07/27 13:01:00 | 000,190,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/07/07 05:03:00 | 000,006,656 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ptpd.sys -- (ptpd)
DRV - [2005/05/26 21:19:18 | 000,839,724 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/05/04 20:18:00 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/03 09:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/04/30 18:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/03/04 14:10:00 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/25 20:34:58 | 000,045,056 | R--- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\phnxvcd.sys -- (PhnxVcd)
DRV - [2005/02/15 09:52:20 | 000,179,482 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VVBackd5.sys -- (VVBackd5)
DRV - [2005/02/15 09:52:20 | 000,043,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RITCPT.SYS -- (RITCPT)
DRV - [2005/02/15 09:52:20 | 000,005,088 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI)
DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/19 10:40:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 04:54:32 | 000,269,387 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/07/22 11:36:00 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2003/08/28 21:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/13 02:27:00 | 000,002,304 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2003/07/24 18:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/12/27 09:09:14 | 000,026,404 | R--- | M] (CARDBUSs) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CB103ND5.sys -- (CB103)
DRV - [2001/11/23 10:55:28 | 000,038,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=634471"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=634471&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,*.local"


FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/04 21:13:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/04 21:13:44 | 000,000,000 | ---D | M]

[2010/02/04 21:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evie\Application Data\Mozilla\Extensions
[2009/09/26 13:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evie\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/09/03 07:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Evie\Application Data\Mozilla\Firefox\Profiles\ss3xnxr0.default\extensions
[2009/09/01 17:36:19 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Evie\Application Data\Mozilla\Firefox\Profiles\ss3xnxr0.default\searchplugins\ask.xml
[2009/07/17 18:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Evie\Application Data\Mozilla\Firefox\Profiles\ss3xnxr0.default\searchplugins\BearShareWebSearch.xml
[2009/11/04 12:51:58 | 000,002,456 | ---- | M] () -- C:\Documents and Settings\Evie\Application Data\Mozilla\Firefox\Profiles\ss3xnxr0.default\searchplugins\iMeshWebSearch.xml
[2010/02/04 21:17:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Evie\Application Data\Mozilla\Firefox\Profiles\ss3xnxr0.default\searchplugins\mywebsearch.xml
[2010/02/06 16:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe File not found
O4 - HKLM..\Run: [DataMngr] C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [F5JMWNZTHI] C:\Documents and Settings\Evie\Local Settings\Temp\Gkx.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; GTB5; FunWebProducts; Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} [You must be registered and logged in to see this link.] (CSolidBrowserObj Object)
O16 - DPF: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.20,93.188.166.38
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{116bad5b-69af-11de-9c1a-0013ceed522f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4c6a25c-97d7-11de-9c56-0013ceed522f}\Shell\AutoRun\command - "" = E:\wubi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/06 20:47:11 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evie\Desktop\OTL.exe
[2010/02/06 17:09:08 | 000,059,664 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfSysMon.sys
[2010/02/06 17:09:08 | 000,051,984 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfFsMon.sys
[2010/02/06 17:09:08 | 000,033,552 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfNetMon.sys
[2010/02/06 17:08:30 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
[2010/02/06 17:08:30 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
[2010/02/06 17:08:30 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
[2010/02/06 17:08:20 | 000,233,136 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
[2010/02/06 17:08:03 | 000,207,792 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2010/02/06 17:08:03 | 000,087,784 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
[2010/02/06 17:07:34 | 000,070,408 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2010/02/06 17:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/06 17:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/06 17:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Application Data\PC Tools
[2010/02/06 17:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/06 17:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/06 17:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Desktop\Downloads
[2010/02/06 17:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Application Data\GetRightToGo
[2010/02/06 16:20:37 | 000,067,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\MpFilter.sys
[2010/02/06 16:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Forefront
[2010/02/06 11:51:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/02/06 11:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/06 11:51:14 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/02/06 11:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/04 22:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\BVE
[2010/02/04 21:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\My Documents\Downloads
[2010/02/03 23:01:14 | 000,000,000 | ---D | C] -- C:\Cheat Engine
[2010/02/03 22:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Desktop\Data
[2010/01/30 14:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Local Settings\Application Data\SCE
[2010/01/30 14:15:18 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2010/01/30 14:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/01/30 14:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Application Data\Sony Online Entertainment
[2010/01/30 14:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2010/01/30 14:06:24 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsg2.dll
[2010/01/23 09:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Application Data\Search Settings
[2010/01/23 09:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\Application Data\Dealio
[2010/01/22 19:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2010/01/22 19:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/01/22 19:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Search Settings
[2010/01/14 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/14 21:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/14 21:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/12 21:17:19 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\aclayers.dll
[2010/01/09 06:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evie\My Documents\pics
[2009/11/02 16:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/02 16:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/29 02:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/09 12:52:40 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC71.dll
[2009/08/09 12:52:40 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2009/08/01 08:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/02/04 07:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/08/25 18:04:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/25 18:04:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[46 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/06 20:50:11 | 000,000,278 | -H-- | M] () -- C:\windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/06 20:47:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evie\Desktop\OTL.exe
[2010/02/06 20:38:04 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/06 20:14:12 | 000,012,446 | -HS- | M] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\MXoRr4K
[2010/02/06 18:38:18 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/06 17:16:13 | 000,000,412 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Signature Update.job
[2010/02/06 17:16:12 | 000,000,430 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Quick Scan.job
[2010/02/06 17:16:10 | 000,000,406 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/02/06 17:14:15 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/02/06 17:13:09 | 000,000,436 | ---- | M] () -- C:\windows\tasks\RegCure Program Check.job
[2010/02/06 17:13:09 | 000,000,376 | ---- | M] () -- C:\windows\tasks\RegCure Startup.job
[2010/02/06 17:13:06 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/02/06 17:13:01 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/02/06 17:12:58 | 1039,585,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/06 17:10:57 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Evie\NTUSER.DAT
[2010/02/06 17:10:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Evie\ntuser.ini
[2010/02/06 17:07:43 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/06 14:38:17 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/06 14:31:39 | 000,002,199 | ---- | M] () -- C:\Documents and Settings\Evie\Desktop\BVE.lnk
[2010/02/06 11:51:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/06 10:46:03 | 000,482,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/02/06 10:46:02 | 000,090,190 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/02/06 10:46:02 | 000,004,770 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/02/05 23:31:09 | 000,277,504 | -HS- | M] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\av.exe
[2010/02/05 23:16:03 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/02/04 21:14:06 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/04 16:57:42 | 002,109,564 | -H-- | M] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\IconCache.db
[2010/02/04 16:45:41 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/03 22:05:54 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\Evie\Desktop\My Documents.lnk
[2010/02/02 21:15:33 | 000,129,696 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2010/02/02 21:08:58 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/30 14:28:04 | 000,251,552 | ---- | M] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/30 14:23:38 | 000,661,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/01/30 14:21:23 | 000,001,444 | ---- | M] () -- C:\Documents and Settings\Evie\Desktop\Free Realms.lnk
[2010/01/27 17:47:26 | 000,291,818 | ---- | M] () -- C:\Documents and Settings\Evie\Desktop\AirTran Reservations - Itinerary.mht
[2010/01/20 17:21:44 | 000,259,900 | ---- | M] () -- C:\Documents and Settings\Evie\My Documents\The-Last-Patriot-A-Thriller.azw
[2010/01/20 17:21:27 | 000,441,944 | ---- | M] () -- C:\Documents and Settings\Evie\My Documents\The-War-Within-A-Secret-White-House-History-2006-2008.azw
[2010/01/20 17:19:04 | 000,207,080 | ---- | M] () -- C:\Documents and Settings\Evie\My Documents\Act-Like-a-Lady-Think-Like-a-Man.azw
[2010/01/20 17:17:56 | 000,446,740 | ---- | M] () -- C:\Documents and Settings\Evie\My Documents\Captured.azw
[2010/01/14 22:00:28 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[46 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/06 17:14:22 | 000,000,278 | -H-- | C] () -- C:\windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/06 17:08:33 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll
[2010/02/06 17:08:30 | 001,152,444 | ---- | C] () -- C:\windows\UDB.zip
[2010/02/06 17:08:30 | 000,000,882 | ---- | C] () -- C:\windows\RegSDImport.xml
[2010/02/06 17:08:30 | 000,000,880 | ---- | C] () -- C:\windows\RegISSImport.xml
[2010/02/06 17:08:30 | 000,000,131 | ---- | C] () -- C:\windows\IDB.zip
[2010/02/06 17:08:20 | 000,007,387 | ---- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
[2010/02/06 17:08:03 | 000,007,412 | ---- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
[2010/02/06 17:08:03 | 000,007,383 | ---- | C] () -- C:\windows\System32\drivers\pctcore.cat
[2010/02/06 17:07:43 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/06 17:07:34 | 000,007,383 | ---- | C] () -- C:\windows\System32\drivers\pctplsg.cat
[2010/02/06 16:24:43 | 000,000,412 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Signature Update.job
[2010/02/06 16:24:42 | 000,000,430 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Quick Scan.job
[2010/02/06 16:24:40 | 000,000,406 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/02/06 11:51:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/05 23:31:28 | 000,012,446 | -HS- | C] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\MXoRr4K
[2010/02/05 23:31:09 | 000,277,504 | -HS- | C] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\av.exe
[2010/02/04 22:23:23 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\Evie\Desktop\BVE.lnk
[2010/02/04 16:45:41 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/03 22:05:54 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\Evie\Desktop\My Documents.lnk
[2010/01/30 14:21:23 | 000,001,444 | ---- | C] () -- C:\Documents and Settings\Evie\Desktop\Free Realms.lnk
[2010/01/30 14:17:49 | 000,422,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/27 17:47:26 | 000,291,818 | ---- | C] () -- C:\Documents and Settings\Evie\Desktop\AirTran Reservations - Itinerary.mht
[2010/01/20 17:21:43 | 000,259,900 | ---- | C] () -- C:\Documents and Settings\Evie\My Documents\The-Last-Patriot-A-Thriller.azw
[2010/01/20 17:21:26 | 000,441,944 | ---- | C] () -- C:\Documents and Settings\Evie\My Documents\The-War-Within-A-Secret-White-House-History-2006-2008.azw
[2010/01/20 17:19:03 | 000,207,080 | ---- | C] () -- C:\Documents and Settings\Evie\My Documents\Act-Like-a-Lady-Think-Like-a-Man.azw
[2010/01/20 17:17:55 | 000,446,740 | ---- | C] () -- C:\Documents and Settings\Evie\My Documents\Captured.azw
[2010/01/14 21:13:42 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/28 17:33:55 | 000,180,224 | ---- | C] () -- C:\windows\System32\WinVd32.sys
[2009/09/26 14:33:28 | 000,000,220 | ---- | C] () -- C:\windows\cdplayer.ini
[2009/09/26 13:28:46 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Evie\Application Data\Smiley.ico
[2009/08/26 11:29:41 | 002,548,226 | ---- | C] () -- C:\Program Files\assets.tdx
[2009/08/09 13:31:49 | 000,000,480 | ---- | C] () -- C:\Program Files\JetLog.txt
[2009/08/09 13:31:25 | 000,000,052 | ---- | C] () -- C:\Program Files\Trainz.cfg
[2009/08/09 13:31:24 | 000,000,410 | ---- | C] () -- C:\Program Files\laucherLog.txt
[2009/08/09 12:55:33 | 172,938,923 | ---- | C] () -- C:\Program Files\trains.ja
[2009/08/09 12:53:09 | 226,922,156 | ---- | C] () -- C:\Program Files\data.ja
[2009/08/09 12:52:40 | 000,347,199 | ---- | C] () -- C:\Program Files\readmeback.jpg
[2009/08/09 12:52:40 | 000,040,960 | ---- | C] () -- C:\Program Files\TRS2006.exe
[2009/08/09 12:52:40 | 000,035,771 | ---- | C] () -- C:\Program Files\readmelogo.gif
[2009/08/09 12:52:40 | 000,014,851 | ---- | C] () -- C:\Program Files\readme.htm
[2009/08/09 12:52:40 | 000,000,115 | ---- | C] () -- C:\Program Files\trainzoptions.txt
[2009/01/11 22:21:47 | 000,135,168 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2009/01/11 22:21:38 | 000,143,384 | ---- | C] () -- C:\windows\System32\CSGina.dll
[2007/03/03 10:27:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2006/12/16 19:15:17 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI
[2006/12/16 19:10:26 | 000,007,680 | ---- | C] () -- C:\windows\System32\CNMVS69.DLL
[2006/11/25 01:31:49 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/19 18:24:18 | 000,000,427 | ---- | C] () -- C:\windows\COOK'N5.INI
[2006/10/27 21:57:12 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Evie\Application Data\wklnhst.dat
[2006/10/25 19:07:22 | 000,001,890 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2006/10/25 19:07:22 | 000,000,056 | RHS- | C] () -- C:\windows\System32\14C6643570.sys
[2006/10/21 13:10:27 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini
[2006/10/19 13:40:08 | 000,179,482 | ---- | C] () -- C:\windows\System32\drivers\VVBackd5.sys
[2006/10/19 12:53:03 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Evie\Local Settings\Application Data\fusioncache.dat
[2006/07/26 15:16:32 | 000,043,512 | ---- | C] () -- C:\windows\System32\drivers\RITCPT.SYS
[2006/07/23 22:03:57 | 000,471,040 | ---- | C] () -- C:\windows\dbengine.dll
[2006/07/23 22:03:57 | 000,303,104 | ---- | C] () -- C:\windows\spy.dll
[2006/07/23 22:03:57 | 000,057,344 | ---- | C] () -- C:\windows\vxddll.dll
[2006/07/23 22:03:57 | 000,032,768 | ---- | C] () -- C:\windows\commhook.dll
[2006/07/23 22:03:57 | 000,020,480 | ---- | C] () -- C:\windows\commque.dll
[2006/07/23 22:03:55 | 000,184,320 | ---- | C] () -- C:\windows\keyboard.dll
[2006/07/23 22:03:55 | 000,094,208 | ---- | C] () -- C:\windows\guidll.dll
[2006/07/23 22:03:55 | 000,049,152 | ---- | C] () -- C:\windows\hook.dll
[2006/07/23 22:03:54 | 000,245,760 | ---- | C] () -- C:\windows\dialogs.dll
[2006/07/23 21:58:39 | 000,335,360 | ---- | C] () -- C:\windows\System32\Tx32.dll
[2006/07/23 21:58:39 | 000,000,202 | ---- | C] () -- C:\windows\System32\IC32.INI
[2006/07/23 21:58:38 | 000,225,792 | ---- | C] () -- C:\windows\System32\IMGMAN30.DLL
[2006/07/23 21:58:37 | 000,382,464 | ---- | C] () -- C:\windows\System32\HTKRNL32.DLL
[2006/07/23 21:41:48 | 000,000,195 | ---- | C] () -- C:\windows\nprk32.INI
[2006/07/23 21:39:50 | 000,172,032 | ---- | C] () -- C:\windows\System32\rsUtil.dll
[2006/07/23 21:34:24 | 000,040,448 | ---- | C] () -- C:\windows\System32\regobj.dll
[2006/07/23 21:17:37 | 000,000,108 | ---- | C] () -- C:\windows\SMDebug.ini
[2006/07/23 21:17:35 | 000,000,191 | ---- | C] () -- C:\windows\SMSI.INI
[2006/07/23 21:17:32 | 000,026,448 | ---- | C] () -- C:\windows\System32\smfaxmon.dll
[2006/07/23 21:15:22 | 000,000,053 | ---- | C] () -- C:\windows\MAXLINK.INI
[2006/07/23 21:15:22 | 000,000,000 | ---- | C] () -- C:\windows\QUICKEN.INI
[2006/07/23 21:10:17 | 000,036,968 | ---- | C] () -- C:\windows\System32\ActPanel.dll
[2005/08/29 12:13:14 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/08/26 11:00:07 | 000,002,304 | R--- | C] () -- C:\windows\System32\Machnm32.sys
[2005/08/26 10:59:29 | 000,032,768 | R--- | C] () -- C:\windows\System32\RitShell.dll
[2005/08/26 10:59:20 | 000,005,088 | R--- | C] () -- C:\windows\System32\drivers\FBAPI.sys
[2005/08/25 19:14:50 | 000,016,384 | ---- | C] () -- C:\windows\System32\iwca.dll
[2005/08/25 19:06:39 | 000,065,536 | R--- | C] () -- C:\windows\sm56spn.dll
[2005/08/25 19:06:39 | 000,065,536 | R--- | C] () -- C:\windows\sm56itl.dll
[2005/08/25 19:06:39 | 000,049,152 | R--- | C] () -- C:\windows\sm56jpn.dll
[2005/08/25 19:06:38 | 000,065,536 | R--- | C] () -- C:\windows\sm56ger.dll
[2005/08/25 19:06:38 | 000,065,536 | R--- | C] () -- C:\windows\sm56fra.dll
[2005/08/25 19:06:38 | 000,065,536 | R--- | C] () -- C:\windows\sm56eng.dll
[2005/08/25 19:06:38 | 000,065,536 | R--- | C] () -- C:\windows\sm56brz.dll
[2005/08/25 19:06:38 | 000,045,056 | R--- | C] () -- C:\windows\sm56cht.dll
[2005/08/25 19:06:38 | 000,045,056 | R--- | C] () -- C:\windows\sm56chs.dll
[2005/08/25 18:55:05 | 000,156,672 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2005/08/24 17:05:08 | 000,000,966 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2004/07/13 17:36:06 | 000,001,631 | ---- | C] () -- C:\windows\PFA130.ini
[2003/12/22 16:40:06 | 001,663,068 | ---- | C] () -- C:\windows\System32\libmmd.dll
[2003/01/21 15:08:36 | 000,147,515 | ---- | C] () -- C:\windows\System32\playsound.dll
[2001/11/23 10:55:28 | 000,038,176 | ---- | C] () -- C:\windows\System32\drivers\SbcpHid.sys
[2000/02/08 04:05:36 | 000,110,080 | R--- | C] () -- C:\windows\System32\W32MKRC.DLL
[2000/02/08 04:05:34 | 000,038,576 | ---- | C] () -- C:\windows\System32\NWLOCALE.DLL
[1999/03/30 11:53:50 | 000,000,793 | ---- | C] () -- C:\windows\BTI.INI
[1997/06/18 02:00:00 | 001,672,976 | ---- | C] () -- C:\windows\System32\MSO97V.DLL
[1997/06/18 02:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1997/06/18 02:00:00 | 000,016,384 | ---- | C] () -- C:\windows\System32\MSORFS.DLL
[1997/06/18 02:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

otl extra - XP Antivirus Removal

Post by Linoze on 7th February 2010, 2:10 am

OTL Extras logfile created on: 2/6/2010 8:47:41 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Evie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.46 Gb Total Space | 1.41 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIVALICIOUS
Current User Name: Evie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Documents and Settings\Evie\Local Settings\Application Data\av.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"27342:TCP" = 27342:TCP:*:Disabled:SolidNetworkManager
"27342:UDP" = 27342:UDP:*:Disabled:SolidNetworkManager
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57556:TCP" = 57556:TCP:*:Enabled:Pando Media Booster
"57556:UDP" = 57556:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (America Online Inc)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Office12\OUTLOOK.EXE" = C:\Program Files\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Office12\GROOVE.EXE" = C:\Program Files\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Office12\ONENOTE.EXE" = C:\Program Files\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\OGPlanet\LostSaga\autoupgrade.exe" = C:\Program Files\OGPlanet\LostSaga\autoupgrade.exe:*:Enabled:LostSaga(upgrade) -- File not found
"C:\Program Files\OGPlanet\LostSaga\lostsaga.exe" = C:\Program Files\OGPlanet\LostSaga\lostsaga.exe:*:Enabled:LostSaga(client) -- File not found
"C:\Ntreev\Grand Chase\main.exe" = C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14885FC7-745C-49D1-98D0-001989EC6646}" = Easy Language 61
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{21DFBF7E-DC05-4E87-A7D1-D5631A23ECED}" = AQUAZONE DESKTOP GARDEN
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35F768BD-330E-4A2C-89C5-A38B588AF08D}" = Canon PIXMA iP6000D Memory Card Utility
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{436028CD-6476-4224-9274-8F0320F30FD1}" = Microsoft Forefront Client Security Antimalware Service
"{45D65580-4B8B-4AAD-9F3F-58D7A0EC90D8}" = SAPI
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{62255D54-FBF6-429D-9D84-5A015912BAF7}" = Peachtree First Accounting 2006
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{720DAF8C-F9FD-4236-8EDD-75219B21E276}" = WriteExpress 3,001 Business & Sales Letters
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BB7B2D-748F-4AE9-89C3-78C051833EA1}" = OpenOffice.org 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}" = Microsoft Location Finder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93FFAF06-DB3A-4A68-A057-341B2146FDB6}" = ExpensAble 7
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BFBF0452-83DE-4678-9F1D-E58AA41265F0}" = BVE
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF404C21-47EB-4FA5-B920-91746874ED43}" = Ulead Photo Express My Scrapbook 2.0
"{D0E604A0-5C90-4212-88B5-2AFCFF134FB5}" = MSN Toolbar
"{D18E5144-2B47-41DC-851F-68CB05AD7EDE}" = OfficeReady OOo
"{D2BFDD8E-D276-11D6-88AF-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_06
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DCF84385-88E3-4472-8144-E95B823FC5DB}" = The Print Shop 21
"{E3B67FB4-F425-40E5-BDDA-7CD494202022}" = MPIO Software Installation
"{E8B56B38-A826-11DB-8C83-0011430C73A4}" = Microsoft Forefront Client Security State Assessment Service
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"bearsharetb" = MediaBar
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CANONBJ_Deinstall_CNMCP69.DLL" = Canon PIXMA iP6000D
"Daniusoft WMA MP3 Converter_is1" = Daniusoft WMA MP3 Converter(Build 1.5.11)
"Digital Lifeline" = Digital Lifeline
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GoldWave v5.55" = GoldWave v5.55
"Google Desktop" = Google Desktop
"HotFax MessageCenter" = HotFax MessageCenter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Image Broadway" = Image Broadway
"iMesh MediaBar" = MediaBar
"InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}" = StuffIt Standard
"InstallShield_{62255D54-FBF6-429D-9D84-5A015912BAF7}" = Peachtree First Accounting 2006
"InstallShield_{720DAF8C-F9FD-4236-8EDD-75219B21E276}" = WriteExpress 3,001 Business & Sales Letters
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrgChart Professional" = OrgChart Professional 2.0
"pr5file" = Personal RecordKeeper
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure 1.6.0.0
"RestoreIT!" = Recover Pro
"Resumes Quick & Easy" = Professional Resumes Quick & Easy
"Smart Business & Marketing Plan 8.0" = Smart Business & Marketing Plan 8.0
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"SoundTaxi_is1" = SoundTaxi 3.6.5
"Spyware Doctor" = Spyware Doctor 7.0
"Street Legal Racing Redline" = Street Legal Racing Redline
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XLViewer97" = Microsoft Excel Viewer 97
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Free Realms Installer" = Free Realms Installer
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"PassportPhoto" = PassportPhoto (remove)
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2010 1:30:27 PM | Computer Name = DIVALICIOUS | Source = Application Hang | ID = 1002
Description = Hanging application av.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 1:59:54 PM | Computer Name = DIVALICIOUS | Source = Application Hang | ID = 1002
Description = Hanging application av.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 5:28:11 PM | Computer Name = DIVALICIOUS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 1.5.1937.0, P5 mpsigdwn.dll, P6 1.5.1937.0, P7 microsoft forefront
client security, P8 NIL, P9 NIL, P10 NIL.

Error - 2/6/2010 5:33:49 PM | Computer Name = DIVALICIOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2/6/2010 5:34:29 PM | Computer Name = DIVALICIOUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2/6/2010 5:42:31 PM | Computer Name = DIVALICIOUS | Source = MsiInstaller | ID = 10005
Description = Product: Windows Defender -- Microsoft Client Protection has been
found. Please remove that product and rerun the setup.

Error - 2/6/2010 5:43:35 PM | Computer Name = DIVALICIOUS | Source = Application Hang | ID = 1002
Description = Hanging application av.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 5:43:41 PM | Computer Name = DIVALICIOUS | Source = Application Hang | ID = 1001
Description = Fault bucket 03948287.

Error - 2/6/2010 5:46:03 PM | Computer Name = DIVALICIOUS | Source = Application Hang | ID = 1002
Description = Hanging application av.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 9:27:19 PM | Computer Name = DIVALICIOUS | Source = Application Error | ID = 1000
Description = Faulting application gkx.exe, version 0.0.0.0, faulting module gkx.exe,
version 0.0.0.0, fault address 0x0000dd99.

[ System Events ]
Error - 2/6/2010 4:17:18 PM | Computer Name = DIVALICIOUS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 2/6/2010 5:19:50 PM | Computer Name = DIVALICIOUS | Source = FcsSas | ID = 141078
Description = Forefront Client Security State Assessment Service policy applied
with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter

Error - 2/6/2010 5:37:17 PM | Computer Name = DIVALICIOUS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Definition Update for Microsoft Forefront Client Security
- KB915597 (Definition 1.75.482.0).

Error - 2/6/2010 6:10:40 PM | Computer Name = DIVALICIOUS | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without
first being prepared for removal.

Error - 2/6/2010 6:10:40 PM | Computer Name = DIVALICIOUS | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASENUM\0000 disappeared from the system without
first being prepared for removal.

Error - 2/6/2010 6:10:40 PM | Computer Name = DIVALICIOUS | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without
first being prepared for removal.

Error - 2/6/2010 6:13:47 PM | Computer Name = DIVALICIOUS | Source = Service Control Manager | ID = 7001
Description = The Spectrum24 Event Monitor service depends on the EvtEng service
which failed to start because of the following error: %%1058

Error - 2/6/2010 6:13:59 PM | Computer Name = DIVALICIOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 2/6/2010 6:18:34 PM | Computer Name = DIVALICIOUS | Source = FcsSas | ID = 141078
Description = Forefront Client Security State Assessment Service policy applied
with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter

Error - 2/6/2010 9:26:47 PM | Computer Name = DIVALICIOUS | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >


Re: "xp antivirus pro" defies removal

Post by Belahzur on 7th February 2010, 11:50 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: "xp antivirus pro" defies removal

Post by Linoze on 12th February 2010, 5:52 pm

Thanks, Belahzur, for taking the time to reply. Actually I muddled through and resolved the problem, ending up with MBAM. However, I can't say for sure that I have completely inoculated the computer from the virus for future purposes.

Leonard


Re: "xp antivirus pro" defies removal

Post by Belahzur on 12th February 2010, 8:36 pm

Okay, well, let's make sure, please run Combofix.

