antivirus soft help


Post by aleon on 16th May 2010, 2:08 pm

Well, I have a virus and it keeps giving me pop ups that look like Windows Defender but it's not.. and I can run my Defender Pro PC Repair cuz every time I click on it it just doesn't come up and I'd greatly appreciate help

Also I'm getting these constant small pop ups in the bottom right hand corner and it says Windows Security Alert but it's not Windows.. and giving me pop ups asking me to activate my antivirus soft... almost constant..


And it won't let me bookmark this page...

and its saying attack from: 140.118.57.205, port58800
attacked port: 4489
threat:bankerfox.a

And those things are changing by the way.. I just noticed

aleon
Novice

Posts : 8
Joined : 2010-02-08
OS : windows xp
Points : 25036
# Likes : 0

Re: antivirus soft help

Post by Belahzur on 16th May 2010, 7:57 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1

Re: antivirus soft help

Post by aleon on 16th May 2010, 9:17 pm

Houston we have a problem.... well I click on it to open it and as soon as it opens it closes right away and a pop up comes up that the "olt" is infected activate anti virus software now? That's what it says...


Re: antivirus soft help

Post by aleon on 16th May 2010, 11:32 pm

ok so i ran the scan in safe mode and it worked


OTL Extras logfile created on: 2/8/2010 11:32:27 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\aleon987\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 0.35 Gb Free Space | 0.50% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 69.42 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEON987-PC
Current User Name: aleon987
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0608468E-180D-4049-A19B-6F1346979217}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B840EDC-9ECB-4677-A0AE-9CFD0C8771BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B9AFD85-2E8F-4B8A-AB12-E0ED638EF331}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27858B9E-A195-4D57-A680-B063BA2E2419}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{375F74E3-B10F-4BFF-9053-DEF43ADB915D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{384215D2-DCA8-4DE5-8457-24E998D52BC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48AF76CF-F1F9-46EF-949D-EA74162CD729}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5624A901-1695-414B-B9CF-96BC7931A945}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A20A93E-69FC-41EB-AF14-0B073C1B6107}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AF4FA32-016F-4702-92B0-9995B9080350}" = lport=2869 | protocol=6 | dir=in | app=system |
"{815EC74C-E224-48ED-B484-D2B2B5F95478}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8305E91A-B75C-435E-BCAC-30D4B637003E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B13E889-4A12-4BDA-B75A-98062559A286}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8B1C88EB-9E58-455A-9BC1-C970434C6B7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B9C29DD-3F4C-4A57-9E85-1129BA28228A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95B503E1-5C62-44F4-B7A7-B18103E29EB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9690CAD6-F00A-4DAD-A2FC-D1D9A09684E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CDF7B5B-7AF3-4DC4-B0B9-5A43480EB27D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E680B92-874A-4FEA-A8A2-1642A783F91A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E8A4CE2-0226-4D4C-B3EC-63BA8BA0D062}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A93A9C48-D4B9-48A8-B5AA-BC790D3EC47C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF6CE977-613D-487A-A9F4-C58B80860A15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4593756-55CF-475B-93F8-F7E2AE42769E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C5DB2E16-1F5A-476C-A2C8-F32A82D2E519}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6B11F71-BEBB-464F-98F8-CD4DA2D7127C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7B1CD7D-95AD-4BC7-B831-C9F99385969A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFA89D9A-C0B1-47AA-855F-6E1C41CAD9D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC8512DE-9D2C-40BC-93C0-E6D7A93AFE86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7CF35D0-AF08-4D3E-A000-A0F2A2E1AC1C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FAD8F66C-A56D-463C-A7C6-85642CD9ECCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059068D6-AB99-435A-8FD6-B7ACF3D05107}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05D27442-8B2E-42BA-8791-B91F5B8CDC32}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{0CB2162F-38B8-46F8-A6D1-20689A6FEFEE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{107839BC-4658-43E0-AF95-496687A94F53}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{13E270F2-EE8D-4230-A767-F184B8117EA2}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{14166FF6-7B99-41CD-9B69-2472CE0F78E5}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{1B511383-B058-4D95-858E-64D1BF7F4532}" = protocol=6 | dir=in | app=c:\program files\defender pro\defender pro internet security 6.0\avp.exe |
"{1F074D44-B1DE-47BB-9226-5A0FF7781422}" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"{27A4BA96-BD53-46AF-BF75-73B78B35F7A8}" = protocol=6 | dir=out | app=system |
"{2AA82047-694C-43C6-A161-16DDAAA6F77B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2F7C6574-C245-46CC-B918-F3A6C6255078}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{3177B34B-8707-41B6-9F73-5307F2A3F0EC}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{36A11143-A2B7-45D7-A353-15C5ACDCD105}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{415EC301-7229-4F3B-84C6-60065E8836CE}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{43F54578-E1AD-460B-AC1A-A0B74A8F25F3}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{45A042D7-962A-4DC0-A244-5ED9E687481A}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{4AAB371B-6494-4CC5-9D5A-29E37C2C58F5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4FD228FA-4FBD-41F4-AA62-2D7417879487}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{5104A184-5D25-4A68-B34F-647B63CAC2AD}" = protocol=6 | dir=out | app=system |
"{5668E60F-002B-49F2-AC4E-A7A175CAD01B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5983B8D6-1A66-43A5-AE1F-FCB72977BF1B}" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"{5BE1A93C-A3DB-4AC4-82B0-2A3B75C2C48D}" = protocol=6 | dir=in | app=c:\windows\temp\~os2e91.tmp\rlvknlg.exe |
"{65DD3CE7-D5A7-45F6-BE8E-F8138556B6EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67102A87-0484-4423-9314-F951016E6A27}" = protocol=17 | dir=in | app=c:\program files\bitdownload\bitdownload.exe |
"{6AF34A1C-1092-410C-81B4-F6656E2C5881}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{73BF448A-11EA-4B19-A055-18AAA5422A3A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7C52E5A5-CFED-49D7-A2FB-9C43F5689017}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FA376AC-A6F8-4811-BEAB-85C518CC3A70}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8D9CBB03-C07A-4C2B-927A-B0EA0A71A538}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8E16E1EB-AFD5-409C-ACDE-075758803967}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{945A2220-1474-47B1-837B-780A9D4155AF}" = protocol=6 | dir=in | app=c:\program files\bitdownload\bitdownload.exe |
"{9BAC7265-38DA-4A8A-AF1F-A0B980239A0B}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{A0C0386D-2E06-4500-B8D1-144679D8471E}" = protocol=6 | dir=out | app=system |
"{A2D3158D-7E13-429E-9581-2EB5157D36E3}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A2DB60A0-C697-4C45-A1CE-21F31AE5B14B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A737E431-19A6-49B0-908C-D23BC26AB6B7}" = protocol=17 | dir=in | app=c:\program files\defender pro\defender pro internet security 6.0\avp.exe |
"{A9736456-09EF-4E69-AEDA-B94FED8FCB20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC36B1D6-5598-435B-8363-9125F58AAD15}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AF04B5FC-E285-4769-8775-6C04B5B2AFF0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B08F8800-1A7C-43AE-8DC5-52E8A0FE30D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3782100-E8C0-4DC4-B6C2-61431F34E687}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC054FCC-2510-455A-9F22-B698BAF4C2BB}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"{BF048975-2B85-4EDD-B718-C345C882DBF8}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{C64BD74A-8210-4C09-B43F-BEB8E6BC453E}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{C8B1FD55-57F8-4FA1-85D2-25EB5E94DE13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCB6B092-018C-489C-9323-7D93458DC3DE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D03589F7-5684-48B8-8A62-AD51D6B2F6CB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D0A4B255-598D-40CA-997D-FE4E91F01A6A}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"{D222BC71-556E-4EF9-9BAB-9CC686D0C23A}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{D405A732-E9F3-4BC7-9593-0CB2B3238ADE}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{D57DD8B3-4412-48B0-94D1-EA5B3E26DFB9}" = protocol=6 | dir=out | app=system |
"{D66F9205-9D27-4D67-89A5-DB0DF36C423F}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{D7D8B75B-E264-41AF-B31F-70DCE562266F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F60FE4-EC69-4BC9-BEB5-E8082E48F5DF}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{DB927EE5-4958-4ED2-8326-C42324DEF9C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DCC03C1E-C898-47F8-87F9-1C8BCDFE0507}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DCC26760-2C37-4EC3-B79C-5FDCA0C62D62}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E1706D8D-3D61-45D0-9E26-06ABC43ADA16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E94E868F-3D37-4AB7-8F34-383722E48819}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F056AF69-20A9-49BB-9A5B-45EE9590DBF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2D4662C-A8C9-4609-8928-407779D36CF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4E25C07-BB6B-4DD5-9DCD-D11925BCE19A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9C96F82-99E6-469E-8851-72B478CD9BA1}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FA5F7EEB-3C43-40FD-BD6E-3A10AAD1868F}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{0DA26B2E-9895-4402-AF23-18A9C3DE5396}C:\users\aleon987\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\aleon987\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe |
"TCP Query User{11F4430D-41C5-4E0C-A12E-E983CB804BF6}C:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\12- wow-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\12- wow-engb-installer-downloader.exe |
"TCP Query User{167887BC-3A64-4925-AAE0-0012E2092FD2}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{5930FC05-EBE1-4D5A-AA89-BC1253F3F95F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{6CBC56B7-D7FB-456D-AEC3-0AF4D91D3309}C:\users\aleon987\desktop\wow-2.3.0.7561-to-0.3.2.7627-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\aleon987\desktop\wow-2.3.0.7561-to-0.3.2.7627-enus-downloader.exe |
"TCP Query User{8D80D582-1763-46AC-8052-00ACAC3EA6DA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{90CE2A6F-DD48-4275-8190-1EB1F5236120}C:\program files\bitdownload\bitdownload.exe" = protocol=6 | dir=in | app=c:\program files\bitdownload\bitdownload.exe |
"TCP Query User{91E90200-2825-4416-9559-71C39C6F068A}C:\users\aleon987\downloads\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\aleon987\downloads\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader(2).exe |
"TCP Query User{A9FD0519-EE52-4C37-B06E-215006DAB75B}C:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\14- wow-burningcrusade-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\14- wow-burningcrusade-engb-installer-downloader.exe |
"TCP Query User{AC38A840-7A2D-4BB7-BED9-203620A940F7}C:\users\aleon987\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\aleon987\program files\dna\btdna.exe |
"TCP Query User{B028D768-C972-4554-938E-F4CB6E23AA12}C:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\11- wow-frfr-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\11- wow-frfr-installer-downloader.exe |
"TCP Query User{B03AE30C-AA5C-4454-91B1-E187B19D790A}C:\program files\blinkx\blinkx.exe" = protocol=6 | dir=in | app=c:\program files\blinkx\blinkx.exe |
"TCP Query User{D4B765DE-CF16-456A-9A4C-44D1FFD10D78}C:\users\aleon987\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\aleon987\program files\dna\btdna.exe |
"TCP Query User{E61168D4-E447-4ACB-8900-D4FB643BF1E0}C:\users\aleon987\desktop\wowclient-downloader.exe" = protocol=6 | dir=in | app=c:\users\aleon987\desktop\wowclient-downloader.exe |
"TCP Query User{EECD671D-D0E4-4092-A442-9F064C94143A}C:\program files\zune\zune.exe" = protocol=6 | dir=in | app=c:\program files\zune\zune.exe |
"UDP Query User{00B5057F-7E92-4DA5-A098-9BF9A2EAAD32}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{219F20CD-F7E7-4BEE-B764-C1A0CB8C9027}C:\program files\bitdownload\bitdownload.exe" = protocol=17 | dir=in | app=c:\program files\bitdownload\bitdownload.exe |
"UDP Query User{2683378B-90E7-4E5D-A1D5-EBCD57D1A2DD}C:\users\aleon987\desktop\wowclient-downloader.exe" = protocol=17 | dir=in | app=c:\users\aleon987\desktop\wowclient-downloader.exe |
"UDP Query User{42DB2278-FBBB-49EB-97D0-B86E0C1D95F1}C:\users\aleon987\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\aleon987\program files\dna\btdna.exe |
"UDP Query User{4761BA07-28D2-4865-887A-8743B39AB898}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{4E30773F-C661-4509-AABD-A9816CA54503}C:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\11- wow-frfr-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\11- wow-frfr-installer-downloader.exe |
"UDP Query User{5CFFFDE2-8054-423D-B1FD-B19FDEACA86A}C:\program files\zune\zune.exe" = protocol=17 | dir=in | app=c:\program files\zune\zune.exe |
"UDP Query User{7115AFF8-C7AA-491F-878C-FC00E3FF7704}C:\users\aleon987\desktop\wow-2.3.0.7561-to-0.3.2.7627-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\aleon987\desktop\wow-2.3.0.7561-to-0.3.2.7627-enus-downloader.exe |
"UDP Query User{878F1ADE-D5E5-48E0-BF9F-5A11DE9D27C2}C:\program files\blinkx\blinkx.exe" = protocol=17 | dir=in | app=c:\program files\blinkx\blinkx.exe |
"UDP Query User{95DD6C38-E78A-42BC-B358-DC6F1D849A41}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9C87306A-EC86-4CF6-97FB-8A8BB5457241}C:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\14- wow-burningcrusade-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\14- wow-burningcrusade-engb-installer-downloader.exe |
"UDP Query User{A11180E0-8EE2-47C5-B15A-C49EBE4C738A}C:\users\aleon987\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\aleon987\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe |
"UDP Query User{C53CF6B2-2104-45D5-B08A-B2B958828064}C:\users\aleon987\downloads\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\aleon987\downloads\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader(2).exe |
"UDP Query User{D5BA6EC2-46CA-4094-A749-BF56BA85EA5E}C:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\12- wow-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\aleon987\documents\downloads\fr-en world of warcraft and burning crusade\12- wow-engb-installer-downloader.exe |
"UDP Query User{E02CF5FC-C3E2-46FA-A015-34FD76C1CC60}C:\users\aleon987\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\aleon987\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3A3532ED-A121-4297-AA4F-70B60E4BD631}" = Playalot Games
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116674290}" = Ikibago The Caribbean Jewel
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AFD070DC-12D0-408A-A425-CF3FA3713515}" = Identity Theft Protector 2.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}" = Defender Pro Internet Security
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIMTunes" = AIMTunes
"Defender Pro PC Repair" = Defender Pro PC Repair
"Diablo II" = Diablo II
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"FrostWire" = FrostWire 4.17.0
"Google Updater" = Google Updater
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallWIX_{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}" = Defender Pro Internet Security
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MyWebSearch bar Uninstall" = My Web Search
"NVIDIA Drivers" = NVIDIA Drivers
"PCConfidential_is1" = PC Confidential 2008
"RealJukebox" = RealJukebox
"RealPlayer 6.0" = RealPlayer 7 Basic
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Smart-Shopper" = SmartShopper
"User's Guide" = Logitech User's Guide
"ViewpointMediaPlayer" = Viewpoint Media Player
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zune" = Zune
"ZwangiSrch" = Zwangi 1.0 build 151

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: antivirus soft help

Post by aleon on 17th May 2010, 2:43 am

OTL logfile created on: 5/16/2010 7:39:41 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\aleon987\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 107.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 3.15 Gb Free Space | 4.51% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 69.42 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEON987-PC
Current User Name: aleon987
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/02 12:05:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/11 17:57:28 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2010/02/11 17:57:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/02/09 00:31:53 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\aleon987\Downloads\OTL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/09 00:31:53 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\aleon987\Downloads\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/01/29 12:10:23 | 000,049,792 | ---- | M] (TMRG, Inc.) [Auto | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2010/01/22 20:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/23 21:33:06 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/24 04:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/04/18 17:47:15 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c0887c3f4d80) Google Update Service (gupdate1c9c0887c3f4d80)
SRV - [2009/03/24 15:36:33 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/06/20 01:04:00 | 000,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/14 16:39:42 | 000,206,152 | ---- | M] (Defender Pro) [Auto | Stopped] -- C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe -- (AVP)
SRV - [2007/02/07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/31 18:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/12 21:25:28 | 000,274,520 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/12 21:25:28 | 000,118,870 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/01/12 06:26:10 | 000,262,247 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/12/14 17:49:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 20:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/10 21:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/18 22:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2007/12/06 10:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/18 23:26:05 | 000,115,992 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2007/07/03 01:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/04/25 14:06:48 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/04/10 12:36:36 | 000,062,794 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/03/03 22:39:06 | 000,110,360 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2007/02/13 23:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/07 00:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/02/07 00:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/02/07 00:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/01/25 21:33:22 | 000,020,760 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 23:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/05/27 09:46:20 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:31:26 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.5.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {DFF722C4-4A11-41A7-9939-C83A06B09897}:1.0
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
FF - prefs.js..extensions.enabledItems: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}:4.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.6.117
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.3.85.0\firefox\extensions
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2010/03/18 21:17:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\ [2009/12/23 21:33:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 12:05:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 12:05:32 | 000,000,000 | ---D | M]

[2008/12/07 02:40:39 | 000,000,000 | ---D | M] -- C:\Users\aleon987\AppData\Roaming\Mozilla\Extensions
[2010/05/16 07:02:03 | 000,000,000 | ---D | M] -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\extensions
[2009/07/08 16:37:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/13 23:41:33 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/02/10 21:16:16 | 000,000,000 | ---D | M] (Freeze Toolbar) -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\extensions\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}
[2008/12/27 00:37:28 | 000,000,000 | ---D | M] -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\extensions\moveplayer@movenetworks.com
[2010/05/11 19:22:10 | 000,000,000 | ---D | M] -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\extensions\toolbar@ask.com
[2010/05/11 19:22:52 | 000,002,425 | ---- | M] () -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\searchplugins\askcom.xml
[2009/06/17 09:31:34 | 000,009,941 | ---- | M] () -- C:\Users\aleon987\AppData\Roaming\Mozilla\Firefox\Profiles\sfbfl86q.default\searchplugins\mywebsearch.xml
[2010/02/18 00:06:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/08 16:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483}
[2010/01/15 11:20:21 | 000,000,000 | ---D | M] (Zwangi) -- C:\Program Files\Mozilla Firefox\extensions\{DFF722C4-4A11-41A7-9939-C83A06B09897}
[2008/05/23 08:28:04 | 000,069,896 | ---- | M] (Zango, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
[2009/05/27 11:13:30 | 000,070,408 | ---- | M] (Zango, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/03/02 23:05:03 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zwangi153.xml
[2010/03/12 18:02:13 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zwangi155.xml
[2010/03/16 05:27:12 | 000,002,381 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zwangi157.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (My.Freeze.com Toolbar) - {0bd6f992-62ad-47f7-aca6-299729be4e2b} - C:\Program Files\myfreezetoolbar\myfreezedx.dll ()
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
O2 - BHO: (Smart-Shopper) - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (SmartShopper Networks)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Updater For My.Freeze.com Toolbar) - {C26CD490-5F01-41E3-B150-EB29F19DA056} - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll (Visicom Media)
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {0bd6f992-62ad-47f7-aca6-299729be4e2b} - C:\Program Files\myfreezetoolbar\myfreezedx.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avp.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKCU..\Run: [cdrusijf] C:\Users\aleon987\AppData\Local\bwerrsaan\ppgjyhntssd.exe ()
O4 - HKCU..\Run: [DDC] C:\Users\aleon987\AppData\Local\Temp\rvompxge.exe File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\aleon987\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: start = C:\Program Files\NetProject\sbmntr.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll (Defender Pro)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra 'Tools' menuitem : IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - File not found
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Defender Pro)
O24 - Desktop WallPaper: C:\Users\aleon987\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\aleon987\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bae1c70-ab68-11dd-82a7-0019210c2837}\Shell - "" = AutoRun
O33 - MountPoints2\{5bae1c70-ab68-11dd-82a7-0019210c2837}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/16 04:22:23 | 000,000,000 | ---D | C] -- C:\Users\aleon987\AppData\Local\bwerrsaan
[2010/05/11 11:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/02/08 16:01:30 | 001,057,800 | ---- | C] (ADC ltd.) -- C:\Users\aleon987\AppData\Roaming\wpp.exe
[2007/04/25 14:09:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/05/16 19:32:11 | 002,621,440 | -HS- | M] () -- C:\Users\aleon987\ntuser.dat
[2010/05/16 17:39:26 | 000,000,075 | ---- | M] () -- C:\Users\aleon987\jagex_runescape_preferences2.dat
[2010/05/16 16:34:04 | 000,000,069 | ---- | M] () -- C:\Users\aleon987\jagex_runescape_preferences.dat
[2010/05/16 16:17:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/16 15:34:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/16 14:50:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 14:50:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 14:49:24 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/16 06:50:43 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2010/05/16 06:50:42 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/05/16 06:50:41 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2010/05/16 06:50:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/16 06:49:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/11 11:15:08 | 000,001,022 | ---- | M] () -- C:\Users\aleon987\Desktop\FrostWire 4.20.6.lnk
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/04 14:30:40 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/04 14:30:40 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/04 14:30:40 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/01 18:19:36 | 067,866,656 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/04/28 15:49:01 | 000,248,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/28 03:19:37 | 000,791,936 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/04/28 03:19:35 | 000,524,288 | -HS- | M] () -- C:\Users\aleon987\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 03:19:35 | 000,065,536 | -HS- | M] () -- C:\Users\aleon987\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/04/28 03:18:32 | 001,777,009 | -H-- | M] () -- C:\Users\aleon987\AppData\Local\IconCache.db

========== Files Created - No Company Name ==========

[2010/05/11 11:15:08 | 000,001,022 | ---- | C] () -- C:\Users\aleon987\Desktop\FrostWire 4.20.6.lnk
[2010/02/09 16:33:43 | 000,001,744 | -H-- | C] () -- C:\ProgramData\buhonimu
[2010/02/08 16:01:57 | 000,000,073 | ---- | C] () -- C:\Users\aleon987\AppData\Roaming\wp4.dat
[2010/02/08 16:01:57 | 000,000,003 | ---- | C] () -- C:\Users\aleon987\AppData\Roaming\wp3.dat
[2010/01/02 09:28:35 | 000,000,252 | ---- | C] () -- C:\Users\aleon987\AppData\Roaming\RSBot Accounts.ini
[2009/12/23 20:52:42 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/18 14:37:11 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/12/18 14:37:11 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/12/18 14:37:11 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/09/13 12:42:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/11/26 19:08:49 | 000,000,560 | ---- | C] () -- C:\Windows\_delis32.ini
[2008/06/10 08:04:40 | 000,005,632 | ---- | C] () -- C:\Users\aleon987\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 12:15:50 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/02/17 05:09:18 | 000,000,434 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/01/20 13:21:15 | 000,007,728 | ---- | C] () -- C:\Users\aleon987\AppData\Local\d3d9caps.dat
[2007/05/14 03:45:04 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/05/14 03:45:04 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/04/25 14:46:36 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/25 14:09:17 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/25 13:34:22 | 000,000,446 | ---- | C] () -- C:\Windows\generic.ini
[2007/04/25 13:34:22 | 000,000,107 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/03/30 13:31:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll
[2007/02/06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/27 09:10:24 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4C745529
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:02C1CB6D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:860D9052
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:2D0C22DC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4EFDF5FB
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5EC637CB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C8E29393
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:390B30B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1198CD34
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C46995DA
< End of report >

Re: antivirus soft help

Post by Belahzur on 17th May 2010, 9:31 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

