infected with bn9.tmp


Post by jmrnd82b on Tue 13 Jul 2010, 1:25 am

OTL Extras logfile created on: 12/07/2010 10:46:37 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 3140 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 17.54 Gb Free Space | 7.53% Space Free | Partition Type: NTFS
Drive D: | 1.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2D0F984206
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS.0\system32\usmt\migwiz.exe" = C:\WINDOWS.0\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Dad\My Documents\My Games\Classic 3D Shooters MEGA PACK\Shadow Warrior (JFShadowWarrior)\sw.exe" = C:\Documents and Settings\Dad\My Documents\My Games\Classic 3D Shooters MEGA PACK\Shadow Warrior (JFShadowWarrior)\sw.exe:*:Disabled:sw -- File not found
"C:\Program Files\MoRUN.net\FreeSN\freesn.exe" = C:\Program Files\MoRUN.net\FreeSN\freesn.exe:*:Enabled:Free Sticky Notes -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- File not found
"C:\Documents and Settings\Dad.HOME-2D0F984206\Desktop\utorrent.exe" = C:\Documents and Settings\Dad.HOME-2D0F984206\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\My Consoles\PC Related\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\My Consoles\PC Related\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Games\Left 4 Dead\left4dead.exe" = C:\Games\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Disabled:Halo -- File not found
"C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Classic 3D Shooters MEGA PACK\Shadow Warrior (JFShadowWarrior)\sw.exe" = C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Classic 3D Shooters MEGA PACK\Shadow Warrior (JFShadowWarrior)\sw.exe:*:Disabled:sw -- File not found
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\fs2\FS2\FS2.exe" = C:\fs2\FS2\FS2.exe:*:Disabled:FreeSpace -- File not found
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Classic 3D Shooters MEGA PACK\Shadow Warrior (SWP)\SWP.exe" = C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Classic 3D Shooters MEGA PACK\Shadow Warrior (SWP)\SWP.exe:*:Disabled:SWP -- File not found
"C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Classic 3D Shooters MEGA PACK\st-v097d3_windows\IdeSE.exe" = C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Classic 3D Shooters MEGA PACK\st-v097d3_windows\IdeSE.exe:*:Disabled:IdeSE -- File not found
"C:\Left 4 Dead 2\left4dead2.exe" = C:\Left 4 Dead 2\left4dead2.exe:*:Disabled:left4dead2 -- File not found
"C:\Games\Left 4 Dead\hl2.exe" = C:\Games\Left 4 Dead\hl2.exe:*:Disabled:hl2 -- File not found
"C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Disabled:BattlefrontII -- File not found
":\WINDOWS.0\TEMP\BN34.tmp " = :\WINDOWS.0\TEMP\BN34.tmp :*:Enabled:Microsoft Office
":\WINDOWS.0\TEMP\BN35.tmp " = :\WINDOWS.0\TEMP\BN35.tmp :*:Enabled:Microsoft Office
":\WINDOWS.0\TEMP\BN43.tmp " = :\WINDOWS.0\TEMP\BN43.tmp :*:Enabled:Microsoft Office
":\WINDOWS.0\TEMP\BN53.tmp " = :\WINDOWS.0\TEMP\BN53.tmp :*:Enabled:Microsoft Office
":\WINDOWS.0\TEMP\BN12.tmp " = :\WINDOWS.0\TEMP\BN12.tmp :*:Enabled:Microsoft Office
":\WINDOWS.0\TEMP\BN4.tmp " = :\WINDOWS.0\TEMP\BN4.tmp :*:Enabled:Microsoft Office
":\WINDOWS.0\TEMP\BN5.tmp " = :\WINDOWS.0\TEMP\BN5.tmp :*:Enabled:Microsoft Office
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{54E4B63C-D252-454C-BE4F-468F102B331C}" = Adobe Shockwave Player
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6DE7A046-E66F-49B8-93C9-21378D9B0F24}" = Cisco Network Magic
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+(TM) for Windows® System - ATI
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{BA3BC81F-0035-4D62-8AB4-6F83D7C1F480}" = Tweak-XP Pro
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D14ED2E1-C75B-443c-BD7C-333333333303}_is1" = PC Wizard 2008 2008.1.8.4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB5CB59C-D4F6-4303-A414-83D533EE773B}" = Pure Networks Platform
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.03
"avast!" = avast! Antivirus
"CPLBonus" = Kels' CPL Bonus Pack!
"DivX Setup.divx.com" = DivX Setup
"GameSpy Arcade" = GameSpy Arcade
"Graboid Video" = Graboid Video 1.65
"Hide IP Platinum_is1" = Hide IP Platinum 3.2
"HijackThis" = HijackThis 1.99.1
"InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 9.13
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Runic Games Torchlight" = Torchlight
"Shockwave" = Shockwave
"Spyware Doctor" = Spyware Doctor 6.0
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Dad
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 04/10/2010 13:19:36 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\emulator programs\GBA Roms ZIpped\The Simpsons Road Rage gba.exe failed, 0000001E.


Error - 04/10/2010 15:03:32 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\setup.exe failed, 0000001E.

Error - 08/11/2009 09:14:36 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\Autorun.inf failed, 0000A420.

Error - 08/11/2009 09:16:34 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\AUTORUN.EXE failed, 0000001E.

Error - 20/12/2010 08:32:56 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\tnpcacheengine.exe failed, 0000001E.

Error - 21/02/2010 21:17:42 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\Satellite TV for PC Elite Edition-2006\Satellite TV for PC Elite Edition-2006\Satellite
TV for PC Elite Edition Members Only Area_files\index.1.jpg failed, 0000A420.

Error - 09/05/2010 00:35:26 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\OblivionLauncher.exe failed, 0000001E.

Error - 09/05/2010 09:03:08 | Computer Name = HOME-2D0F984206 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\OblivionLauncher.exe failed, 0000A474.

[ Application Events ]
Error - 21/10/2009 09:41:48 | Computer Name = HOME-2D0F984206 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/10/2009 09:44:06 | Computer Name = HOME-2D0F984206 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/10/2009 09:44:13 | Computer Name = HOME-2D0F984206 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/10/2009 06:31:48 | Computer Name = HOME-2D0F984206 | Source = Application Error | ID = 1000
Description = Faulting application halo2.exe, version 1.0.0.11081, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 24/10/2009 00:29:58 | Computer Name = HOME-2D0F984206 | Source = Application Error | ID = 1000
Description = Faulting application atimmc.exe, version 9.16.0.1, faulting module
msvfw32.dll, version 5.1.2600.5512, fault address 0x000026d2.

Error - 24/10/2009 00:30:04 | Computer Name = HOME-2D0F984206 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 24/10/2009 00:30:42 | Computer Name = HOME-2D0F984206 | Source = Application Hang | ID = 1002
Description = Hanging application ATIMMC.exe, version 9.16.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/10/2009 13:41:35 | Computer Name = HOME-2D0F984206 | Source = Application Error | ID = 1000
Description = Faulting application halo2.exe, version 1.0.0.11081, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 25/10/2009 07:33:12 | Computer Name = HOME-2D0F984206 | Source = Application Error | ID = 1000
Description = Faulting application gta_sa.exe, version 0.0.0.0, faulting module
gta_sa.exe, version 0.0.0.0, fault address 0x00346929.

Error - 27/10/2009 19:59:07 | Computer Name = HOME-2D0F984206 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 20/12/2010 08:33:54 | Computer Name = HOME-2D0F984206 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20/12/2010 08:39:12 | Computer Name = HOME-2D0F984206 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20/12/2010 08:39:15 | Computer Name = HOME-2D0F984206 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20/12/2010 08:39:17 | Computer Name = HOME-2D0F984206 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 20/12/2010 08:39:24 | Computer Name = HOME-2D0F984206 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/12/2010 08:04:48 | Computer Name = HOME-2D0F984206 | Source = Service Control Manager | ID = 7000
Description = The Audio Service service failed to start due to the following error:
%%3

Error - 21/12/2010 09:53:38 | Computer Name = HOME-2D0F984206 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 21/12/2010 14:52:56 | Computer Name = HOME-2D0F984206 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer HP Photosmart C3100 series
share name HPPrinter.

Error - 21/12/2010 14:53:02 | Computer Name = HOME-2D0F984206 | Source = Service Control Manager | ID = 7000
Description = The Audio Service service failed to start due to the following error:
%%3

Error - 22/12/2010 07:58:36 | Computer Name = HOME-2D0F984206 | Source = Service Control Manager | ID = 7000
Description = The Audio Service service failed to start due to the following error:
%%3


< End of report >


jmrnd82b

Unborn

Posts : 4
Joined : 2010-07-13
Operating System : xp


Cont'd bn9.tmp infection

Post by jmrnd82b on Tue 13 Jul 2010, 1:26 am

OTL logfile created on: 12/07/2010 10:46:37 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 3140 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 17.54 Gb Free Space | 7.53% Space Free | Partition Type: NTFS
Drive D: | 1.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-2D0F984206
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/12 10:45:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Downloads\OTL.exe
PRC - [2010/07/12 04:40:57 | 000,030,208 | ---- | M] (eSXi) -- C:\WINDOWS.0\Temp\63230cef.tmp
PRC - [2010/07/07 01:50:05 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/28 23:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/05/19 15:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/05 17:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 17:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 17:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 17:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 17:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/09/14 19:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2007/12/14 14:26:40 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2006/10/31 21:25:26 | 000,026,624 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\AtiSched.exe
PRC - [2006/10/31 21:24:18 | 000,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/09/13 01:00:00 | 000,028,672 | ---- | M] (Totalidea Software GmbH) -- C:\Program Files\Tweak-XP Pro\transtask.exe


========== Modules (SafeList) ==========

MOD - [2010/07/12 10:45:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 23:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/20 10:23:58 | 000,005,904 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS.0\system32\Autoexnt.exe -- (AutoExNT)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 15:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/05 17:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 17:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 17:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 17:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/10/09 13:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/09/14 19:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/06/13 16:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/12/14 14:27:34 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS.0\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/06/24 20:00:31 | 000,210,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\ndis.sys -- (NDIS)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/23 01:29:34 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010/04/06 23:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/22 21:12:04 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS.0\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2009/08/22 21:08:18 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/01 02:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/02/05 17:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS.0\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 17:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS.0\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 17:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS.0\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 17:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS.0\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 17:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 17:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS.0\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/12/12 18:16:14 | 000,010,431 | ---- | M] (AR Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ramdisk.sys -- (ramdisk)
DRV - [2008/09/14 19:36:56 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/14 19:36:54 | 000,025,272 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS.0\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 21:10:28 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 18:49:44 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 16:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/28 15:21:16 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2005/06/14 21:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/03 14:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 12:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/12/03 07:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2001/12/19 15:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Program Files\System\CPL Bonus\vcdrom.sys -- (vcdrom)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS.0\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 10:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0.53.0
FF - prefs.js..extensions.enabledItems: {35b675b9-7f34-40df-8f49-5fab6b7e4aef}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={36E058FB-7ED7-2A27-485D-93BD298ACDBA}&q="
FF - prefs.js..keyword.defaultURL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={36E058FB-7ED7-2A27-485D-93BD298ACDBA}&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/09 00:26:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 10:42:27 | 000,000,000 | ---D | M]

[2009/06/13 21:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Extensions
[2010/06/26 19:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions
[2010/05/12 00:21:35 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/05/15 11:45:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/17 01:21:52 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2009/06/14 01:32:46 | 000,000,000 | ---D | M] (Demonoid Toolbar) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{35b675b9-7f34-40df-8f49-5fab6b7e4aef}
[2009/08/24 02:22:11 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/07/22 10:01:17 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/05/02 11:18:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/21 01:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/04/19 01:56:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/06/27 01:36:43 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/04/19 01:56:23 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/26 19:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\battlefieldheroespatcher@ea.com
[2009/06/15 12:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\iaplayer@instantaction.com
[2010/04/27 01:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\personas@christopher.beard
[2010/04/19 01:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\extensions\smarterwiki@wikiatic.com
[2009/08/18 20:20:38 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\searchplugins\ask.xml
[2009/07/07 13:01:56 | 000,002,169 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\searchplugins\inbox-search.xml
[2009/06/28 03:07:08 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Mozilla\Firefox\Profiles\8l13xg7k.default\searchplugins\live-search.xml
[2010/07/12 10:31:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 10:31:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/01/23 03:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/07/12 10:31:00 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/15 20:53:54 | 000,001,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009/06/27 01:36:43 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/06/27 01:36:44 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/06/20 10:37:29 | 000,000,736 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll File not found
O2 - BHO: (adShotHlpr Object) - {C5730D5B-7805-448E-BA6D-304EFAF52A22} - C:\WINDOWS.0\System32\qyxzt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS.0\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKCU..\Run: [ATI Launchpad] File not found
O4 - HKCU..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\AtiSched.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [BlockAds] File not found
O4 - HKCU..\Run: [TransparentIcons] File not found
O4 - HKCU..\Run: [TransTask] C:\Program Files\Tweak-XP Pro\transtask.exe (Totalidea Software GmbH)
O4 - HKCU..\Run: [Tweak-XP] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.0\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/08 13:16:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/04 06:33:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2006/02/04 06:33:04 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/01/30 23:56:47 | 000,942,080 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2006/02/04 07:03:19 | 000,000,161 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{b93ccb35-5c96-11de-8f9e-00123fa4a66a}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe
O33 - MountPoints2\{b93ccb35-5c96-11de-8f9e-00123fa4a66a}\Shell\OpEn\CoMMaNd - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: avast! - hkey= - key= - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: nmapp - hkey= - key= - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
MsConfig - StartUpReg: nmctxth - hkey= - key= - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0



ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS.0\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS.0\system32\Rundll32.exe c:\WINDOWS.0\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS.0\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS.0\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS.0\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS.0\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS.0\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS.0\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS.0\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS.0\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS.0\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS.0\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS.0\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS.0\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS.0\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS.0\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FFDS - C:\WINDOWS.0\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS.0\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS.0\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS.0\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS.0\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS.0\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS.0\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS.0\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/19 11:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Recipes
[2010/12/15 04:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\SoftwareDistribution
[2010/12/13 23:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Documents\EA Games
[2010/12/13 23:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2010/12/13 23:02:19 | 000,445,504 | R--- | C] (On2.com) -- C:\WINDOWS.0\System32\vp6vfw.dll
[2010/12/06 02:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Desktop
[2010/10/19 09:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Games
[2010/10/19 09:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Microsoft
[2010/10/08 01:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\fltk.org
[2010/10/07 08:56:24 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\ptpusd.dll
[2010/10/07 08:56:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\ptpusb.dll
[2010/10/07 02:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\SoftwareDistribution
[2010/09/26 10:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Lucasarts
[2010/09/23 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\ARrea 51
[2010/09/17 18:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Aspyr Media, Inc
[2010/09/17 11:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Nero
[2010/09/17 11:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Downloads\7ZipSfx.000\7zSD07.tmp\Desktop\my E-books
[2010/07/12 10:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/12 10:31:22 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS.0\System32\javacpl.cpl
[2010/07/12 10:31:21 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS.0\System32\javaws.exe
[2010/07/12 10:31:21 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS.0\System32\javaw.exe
[2010/07/12 10:31:21 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS.0\System32\java.exe
[2010/07/10 22:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\V-Safe 100
[2010/07/10 14:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\My Battle for Middle-earth(tm) II Files
[2010/07/09 03:34:16 | 000,000,000 | ---D | C] -- C:\acquired
[2010/07/08 02:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Malwarebytes
[2010/07/08 02:37:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys
[2010/07/08 02:37:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2010/07/08 02:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
[2010/07/08 02:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 01:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Temp
[2010/06/27 23:44:07 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxinsi64.exe
[2010/06/27 23:44:07 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxcpyi64.exe
[2010/06/27 23:44:07 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxcpya64.exe
[2010/06/27 23:44:07 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\drivers\cdralw2k.sys
[2010/06/27 23:44:07 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\drivers\cdr4_xp.sys
[2010/06/27 23:44:06 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxsfs.dll
[2010/06/27 23:44:06 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\px.dll
[2010/06/27 23:44:06 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxdrv.dll
[2010/06/27 23:44:06 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxwave.dll
[2010/06/27 23:44:06 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxmas.dll
[2010/06/27 23:44:06 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxafs.dll
[2010/06/27 23:44:06 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\vxblock.dll
[2010/06/27 23:44:06 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxhpinst.exe
[2010/06/27 23:44:06 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS.0\System32\pxinsa64.exe
[2010/06/27 23:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/06/27 17:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Fallout3
[2010/06/27 17:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Fallout3
[2010/06/27 17:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2010/06/27 17:35:23 | 000,043,520 | ---- | C] (piqkmxls) -- C:\Documents and Settings\Dad.HOME-2D0F984206\hhpvgqva.exe
[2010/06/27 16:48:17 | 000,000,000 | ---D | C] -- C:\45272b7305e210ae17b3a2846654
[2010/06/27 07:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\My Pics
[2010/06/26 20:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\runic games
[2010/06/26 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Runic Games
[2010/06/26 20:30:19 | 000,000,000 | ---D | C] -- C:\175456f6e8ac1d205511c41e69eeb906
[2010/06/24 21:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Sky-Banners
[2010/06/24 21:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Street-Ads
[2010/06/24 20:00:28 | 000,043,520 | ---- | C] (piqkmxls) -- C:\WINDOWS.0\System32\hhpvgqva.exe
[2010/06/24 07:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Downloads\7ZipSfx.000\7zSD07.tmp\Desktop\checkdisk help_files
[2010/06/23 10:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2010/06/23 10:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\Downloaded Installations
[2010/06/23 03:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\HD Tune Pro
[2010/06/22 14:36:28 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\vmm32
[2010/06/22 07:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tweak-XP Pro
[2010/06/21 20:01:28 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/06/19 03:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\ie7updates
[2010/06/18 16:49:17 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\dllcache\atmfd.dll
[2010/06/18 16:49:13 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\vbscript.dll
[2010/06/18 16:48:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\asycfilt.dll
[2010/06/18 16:48:40 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\iepeers.dll
[2010/06/18 16:48:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\corpol.dll
[2010/06/18 16:48:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\ieencode.dll
[2010/06/18 16:44:40 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\jscript.dll
[2010/06/18 14:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Command and Conquer 3 Tiberium Wars
[2010/06/18 14:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Command and Conquer 3 Tiberium Wars
[2010/06/18 13:47:25 | 000,000,000 | ---D | C] -- C:\Command & Conquer 3
[2010/06/18 01:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Rockstar Games
[2010/06/17 02:32:39 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\SxsCaPendDel
[2010/06/16 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Motive
[2010/06/16 16:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/06/16 16:13:17 | 000,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\jit.dll
[2010/06/16 16:13:17 | 000,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\javaee.dll
[2010/06/16 16:13:17 | 000,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\setdebug.exe
[2010/06/16 16:13:16 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dx3j.dll
[2010/06/16 16:13:10 | 000,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\vmhelper.dll
[2010/06/16 16:13:10 | 000,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\wjview.exe
[2010/06/16 16:13:10 | 000,154,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\msawt.dll
[2010/06/16 16:13:10 | 000,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\msjdbc10.dll
[2010/06/16 16:13:09 | 000,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\javart.dll
[2010/06/16 16:13:09 | 000,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\javacypt.dll
[2010/06/16 16:13:09 | 000,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\jview.exe
[2010/06/16 16:13:09 | 000,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\javaprxy.dll
[2010/06/16 16:13:09 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\jdbgmgr.exe
[2010/06/16 16:13:08 | 000,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\clspack.exe
[3 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[1 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]



Re: infected with bn9.tmp

Post by jmrnd82b on Tue 13 Jul 2010, 1:27 am

========== Files - Modified Within 30 Days ==========

[2010/12/21 20:44:38 | 000,000,460 | ---- | M] () -- C:\WINDOWS.0\cdiemu.ini
[2010/12/16 08:36:17 | 000,000,533 | ---- | M] () -- C:\WINDOWS.0\Tcsofla.INI
[2010/10/07 02:30:51 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\fusioncache.dat
[2010/09/17 10:37:19 | 000,012,496 | ---- | M] () -- C:\WINDOWS.0\MSPuzzle.dat
[2010/07/12 11:00:58 | 000,000,404 | ---- | M] () -- C:\WINDOWS.0\tasks\0.job
[2010/07/12 10:59:07 | 000,823,808 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\lkqgqec.sys
[2010/07/12 10:55:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1004336348-1177238915-1004UA.job
[2010/07/12 10:42:29 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader 9.lnk
[2010/07/12 10:31:00 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS.0\System32\javaws.exe
[2010/07/12 10:31:00 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS.0\System32\javaw.exe
[2010/07/12 10:30:59 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS.0\System32\deployJava1.dll
[2010/07/12 10:30:59 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS.0\System32\java.exe
[2010/07/12 10:30:59 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS.0\System32\javacpl.cpl
[2010/07/12 10:17:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS.0\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/12 04:39:03 | 000,000,434 | ---- | M] () -- C:\WINDOWS.0\tasks\RegCure Program Check.job
[2010/07/12 04:39:03 | 000,000,308 | -H-- | M] () -- C:\WINDOWS.0\tasks\e96b773f.job
[2010/07/12 04:39:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2010/07/12 04:38:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2010/07/12 01:55:04 | 000,000,950 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1004336348-1177238915-1004Core.job
[2010/07/11 23:57:28 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/07/11 20:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS.0\tasks\At1.job
[2010/07/11 04:42:09 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\ntuser.dat
[2010/07/11 04:42:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\ntuser.ini
[2010/07/11 03:09:28 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 14:23:35 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\The Battle for Middle-earth (tm) II.lnk
[2010/07/08 10:53:45 | 000,002,228 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2010/07/08 04:00:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS.0\tasks\RegCure.job
[2010/07/08 02:37:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/07 03:08:08 | 000,000,328 | ---- | M] () -- C:\WINDOWS.0\System32\Oeminfo.ini
[2010/07/07 01:52:28 | 000,002,364 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/02 08:50:02 | 000,297,256 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2010/07/02 05:40:03 | 000,000,360 | ---- | M] () -- C:\WINDOWS.0\tasks\Install_NSS.job
[2010/07/02 03:26:42 | 000,095,528 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/27 23:44:32 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\DivX Plus Player.lnk
[2010/06/27 23:43:58 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\DivX Plus Converter.lnk
[2010/06/27 17:35:23 | 000,043,520 | ---- | M] (piqkmxls) -- C:\Documents and Settings\Dad.HOME-2D0F984206\hhpvgqva.exe
[2010/06/24 20:01:16 | 000,051,200 | ---- | M] () -- C:\WINDOWS.0\System32\ernel32.dll
[2010/06/24 20:01:15 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\e96b773f.exe
[2010/06/24 20:00:31 | 000,210,816 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\ndis.sys
[2010/06/24 20:00:31 | 000,210,816 | ---- | M] () -- C:\WINDOWS.0\System32\dllcache\ndis.sys
[2010/06/24 20:00:28 | 000,043,520 | ---- | M] (piqkmxls) -- C:\WINDOWS.0\System32\hhpvgqva.exe
[2010/06/23 03:05:43 | 000,501,694 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2010/06/23 03:05:43 | 000,441,552 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2010/06/23 03:05:43 | 000,071,488 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2010/06/23 00:47:03 | 004,072,762 | -H-- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\IconCache.db
[2010/06/20 10:23:59 | 000,000,175 | ---- | M] () -- C:\WINDOWS.0\System32\Autoexnt.bat
[2010/06/20 10:23:58 | 000,005,904 | ---- | M] () -- C:\WINDOWS.0\System32\Autoexnt.exe
[2010/06/20 10:23:58 | 000,002,364 | ---- | M] () -- C:\WINDOWS.0\System32\1.reg
[2010/06/20 10:23:58 | 000,002,320 | ---- | M] () -- C:\WINDOWS.0\System32\Servmess.dll
[2010/06/20 10:23:52 | 000,034,064 | ---- | M] () -- C:\WINDOWS.0\System32\Instexnt.exe
[2010/06/19 03:16:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS.0\imsins.BAK
[2010/06/17 02:49:21 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/06/17 02:49:15 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/16 02:00:51 | 000,005,220 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\wklnhst.dat
[2010/06/14 07:34:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[3 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[1 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/07 02:30:51 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Local Settings\Application Data\fusioncache.dat
[2010/09/17 03:04:27 | 000,000,214 | ---- | C] () -- C:\WINDOWS.0\FUJIGOLF.INI
[2010/09/16 10:59:47 | 000,001,327 | ---- | C] () -- C:\WINDOWS.0\EntPack.dat
[2010/07/12 10:42:29 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader 9.lnk
[2010/07/10 14:23:35 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\The Battle for Middle-earth (tm) II.lnk
[2010/07/08 02:37:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/07 01:52:28 | 000,002,364 | ---- | C] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/07 01:50:11 | 000,001,002 | ---- | C] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1004336348-1177238915-1004UA.job
[2010/07/07 01:50:10 | 000,000,950 | ---- | C] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1004336348-1177238915-1004Core.job
[2010/06/27 23:44:32 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\DivX Plus Player.lnk
[2010/06/27 23:43:58 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\DivX Plus Converter.lnk
[2010/06/27 23:40:29 | 000,000,360 | ---- | C] () -- C:\WINDOWS.0\tasks\Install_NSS.job
[2010/06/24 20:01:16 | 000,051,200 | ---- | C] () -- C:\WINDOWS.0\System32\ernel32.dll
[2010/06/24 20:01:16 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\e96b773f.exe
[2010/06/24 20:01:05 | 000,823,808 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\lkqgqec.sys
[2010/06/24 20:00:31 | 000,210,816 | ---- | C] () -- C:\WINDOWS.0\System32\dllcache\ndis.sys
[2010/06/21 20:01:01 | 000,000,256 | -H-- | C] () -- C:\WINDOWS.0\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/21 20:00:51 | 000,000,308 | -H-- | C] () -- C:\WINDOWS.0\tasks\e96b773f.job
[2010/06/21 04:26:24 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\ntuser.dat
[2010/06/21 03:32:36 | 000,000,378 | ---- | C] () -- C:\WINDOWS.0\tasks\At1.job
[2010/06/20 10:33:30 | 000,034,064 | ---- | C] () -- C:\WINDOWS.0\System32\Instexnt.exe
[2010/06/20 10:33:30 | 000,005,904 | ---- | C] () -- C:\WINDOWS.0\System32\Autoexnt.exe
[2010/06/20 10:33:30 | 000,002,364 | ---- | C] () -- C:\WINDOWS.0\System32\1.reg
[2010/06/20 10:33:30 | 000,002,320 | ---- | C] () -- C:\WINDOWS.0\System32\Servmess.dll
[2010/06/20 10:33:30 | 000,000,175 | ---- | C] () -- C:\WINDOWS.0\System32\Autoexnt.bat
[2010/06/19 22:10:07 | 000,000,404 | ---- | C] () -- C:\WINDOWS.0\tasks\0.job
[2010/06/17 02:49:21 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/06/17 02:49:15 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/16 16:13:17 | 000,007,315 | ---- | C] () -- C:\WINDOWS.0\System32\javasup.vxd
[2010/06/16 16:13:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS.0\jautoexp.dat
[2010/06/16 16:13:11 | 000,000,113 | ---- | C] () -- C:\WINDOWS.0\System32\zonedon.reg
[2010/06/16 16:13:11 | 000,000,113 | ---- | C] () -- C:\WINDOWS.0\System32\zonedoff.reg
[2010/04/23 01:29:34 | 000,033,824 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\oreans32.sys
[2009/12/23 09:48:15 | 000,025,272 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\purendis.sys
[2009/11/20 02:30:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS.0\cdiemu.ini
[2009/11/06 14:18:56 | 000,000,533 | ---- | C] () -- C:\WINDOWS.0\Tcsofla.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS.0\System32\xlive.dll.cat
[2009/08/22 21:12:04 | 000,223,128 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\vaxscsi.sys
[2009/08/22 21:08:17 | 000,611,064 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\sptd.sys
[2009/07/15 15:40:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS.0\reversi.ini
[2009/07/15 15:34:15 | 000,002,381 | ---- | C] () -- C:\WINDOWS.0\ENTPACK.INI
[2009/06/14 03:47:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\ATIMMC.INI
[2009/06/14 02:38:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS.0\System32\HPZIDS01.dll
[2009/06/13 21:25:49 | 000,164,352 | ---- | C] () -- C:\WINDOWS.0\System32\unrar.dll
[2009/06/13 21:25:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS.0\avisplitter.ini
[2009/06/13 21:25:46 | 000,755,027 | ---- | C] () -- C:\WINDOWS.0\System32\xvidcore.dll
[2009/06/13 21:25:46 | 000,159,839 | ---- | C] () -- C:\WINDOWS.0\System32\xvidvfw.dll
[2009/06/13 21:25:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS.0\System32\qt-dx331.dll
[2009/06/13 21:25:43 | 000,007,680 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll
[2009/06/13 21:25:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll.manifest
[2009/06/13 14:06:37 | 000,057,600 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\redbook.sys
[2009/05/01 02:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS.0\System32\lvcoinst.ini
[2008/12/12 18:17:03 | 000,210,944 | ---- | C] () -- C:\WINDOWS.0\System32\msvcrt10.dll
[2008/10/14 08:27:48 | 000,000,328 | ---- | C] () -- C:\WINDOWS.0\System32\Oeminfo.ini
[2008/04/13 23:42:20 | 000,034,817 | ---- | C] () -- C:\WINDOWS.0\System32\tasrtli.dll
[2008/04/13 18:50:38 | 000,210,816 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\ndis.sys
[2008/04/13 18:49:44 | 000,075,264 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\ipsec.sys
[2004/01/28 15:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS.0\System32\atiyuv12.dll
[2004/01/28 15:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS.0\System32\Iyvu9_32.dll
[2004/01/28 15:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS.0\System32\vctest.ini
[2001/08/23 08:00:00 | 000,693,792 | ---- | C] () -- C:\WINDOWS.0\System32\OGACheckControl.DLL
[2001/07/07 07:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS.0\System32\hptcpmon.ini
[2000/11/24 17:05:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS.0\System32\CPUINFO2.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 14:20:36 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.0\system32\iepeers.dll
[2008/04/13 23:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.0\system32\msvbvm60.dll
[1 C:\WINDOWS.0\system32\*.tmp files -> C:\WINDOWS.0\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS.0\system32\*.tmp files -> C:\WINDOWS.0\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/12 11:04:26 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS.0\system32\drivers\lkqgqec.sys
[2010/06/24 20:00:31 | 000,210,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS.0\system32\drivers\ndis.sys
[2008/09/14 19:36:54 | 000,025,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS.0\system32\drivers\purendis.sys
[2009/08/22 21:08:18 | 000,611,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS.0\system32\drivers\sptd.sys
[2009/08/22 21:12:04 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS.0\system32\drivers\vaxscsi.sys

< %systemroot%\System32\config\*.sav >
[2009/06/13 13:42:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS.0\system32\config\default.sav
[2009/06/13 13:42:56 | 001,089,536 | ---- | M] () -- C:\WINDOWS.0\system32\config\software.sav
[2009/06/13 13:42:56 | 000,913,408 | ---- | M] () -- C:\WINDOWS.0\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/23 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS.0\system32\ansi.sys
[2001/08/23 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS.0\system32\country.sys
[2001/08/23 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS.0\system32\himem.sys
[2001/08/23 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS.0\system32\key01.sys
[2008/04/13 16:20:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS.0\system32\keyboard.sys
[2001/08/23 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS.0\system32\ntdos.sys
[2001/08/23 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS.0\system32\ntdos404.sys
[2001/08/23 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS.0\system32\ntdos411.sys
[2001/08/23 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS.0\system32\ntdos412.sys
[2001/08/23 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS.0\system32\ntdos804.sys
[2008/04/13 16:19:40 | 000,033,840 | ---- | M] () -- C:\WINDOWS.0\system32\ntio.sys
[2008/04/13 16:19:44 | 000,034,560 | ---- | M] () -- C:\WINDOWS.0\system32\ntio404.sys
[2008/04/13 16:19:40 | 000,035,648 | ---- | M] () -- C:\WINDOWS.0\system32\ntio411.sys
[2008/04/13 16:19:44 | 000,035,424 | ---- | M] () -- C:\WINDOWS.0\system32\ntio412.sys
[2008/04/13 16:19:42 | 000,034,560 | ---- | M] () -- C:\WINDOWS.0\system32\ntio804.sys
[2008/04/13 18:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\watchdog.sys
[2010/05/02 12:04:16 | 001,860,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\win32k.sys
[1 C:\WINDOWS.0\system32\*.tmp files -> C:\WINDOWS.0\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2010/04/06 22:15:20 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.0\system32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/06/08 13:16:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/08 22:48:01 | 000,000,227 | RHS- | M] () -- C:\boot.ini
[2008/06/08 13:16:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2009/07/29 19:31:48 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/06/08 13:16:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/12 10:33:27 | 000,006,435 | ---- | M] () -- C:\JavaRa.log
[2009/03/21 11:06:58 | 000,098,818 | -HS- | M] () -- C:\log1.txt
[2009/03/21 11:06:58 | 000,000,547 | -HS- | M] () -- C:\log5.txt
[2008/06/08 13:16:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/13 16:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/13 18:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/12 04:38:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/11 23:57:28 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/02/26 05:04:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/27 04:33:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/27 19:05:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/19 16:13:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/31 03:56:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/16 03:11:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/21 17:02:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/07 16:00:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/07 16:06:02 | 000,000,208 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/07 16:10:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/25 22:31:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/10 20:41:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/12/17 18:20:00 | 000,000,304 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/12/17 19:40:04 | 000,000,292 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/01/16 22:17:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/02/03 04:57:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/02/05 19:09:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/22 01:08:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/02/23 13:09:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/02/25 04:33:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/26 05:04:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/27 04:33:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/27 19:05:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/19 16:13:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/31 03:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/16 03:11:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/21 17:02:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/07 16:00:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/07 16:06:02 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/07 16:10:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/25 22:31:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/10 20:41:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/12/17 18:20:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/12/17 19:40:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/01/16 22:17:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/02/03 04:57:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/05 19:09:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/22 01:08:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/23 13:09:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/25 04:33:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/06/17 02:09:37 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2009/11/06 14:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010/07/12 10:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/06/25 12:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2008/06/08 11:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/05/31 07:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/05/08 19:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\ARrea 51
[2009/07/04 21:48:38 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2010/09/17 18:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Aspyr Media, Inc
[2008/06/08 22:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Multimedia
[2010/05/12 00:15:33 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/08/12 15:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\AutoShutdown
[2010/06/04 11:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2010/06/27 17:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2008/08/08 17:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2010/04/05 09:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\booddanet
[2008/07/24 01:01:47 | 000,000,000 | ---D | M] -- C:\Program Files\Codec Pack - All In 1
[2009/04/20 11:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2010/07/12 10:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/06/08 15:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2008/06/08 09:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/10/06 11:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
[2008/06/08 13:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/08/09 03:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/06/08 11:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Delux
[2008/12/21 13:09:17 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/06/27 23:44:53 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/05/30 15:57:14 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2009/01/01 23:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\Doom 3
[2010/05/08 19:20:11 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2008/08/28 09:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Eidos Interactive
[2010/07/10 13:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2008/11/23 23:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\Fellowes
[2009/02/07 20:30:27 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy
[2009/09/06 15:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2008/06/08 22:25:27 | 000,000,000 | ---D | M] -- C:\Program Files\Gemstar
[2010/04/14 09:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/08/10 00:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2010/06/24 01:20:44 | 000,000,000 | ---D | M] -- C:\Program Files\HDD Regenerator
[2008/10/18 20:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/04/03 18:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\Hide IP Platinum
[2008/08/26 12:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/06/13 14:07:11 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2008/10/16 12:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2010/06/27 17:39:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/06/08 13:40:29 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/02/26 04:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Intelligent Shutdown
[2010/06/21 20:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/19 03:20:02 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2008/08/11 15:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\IVT Corporation
[2010/07/12 10:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/13 21:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/10/20 00:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\LClock
[2009/11/28 03:31:10 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/05/08 19:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2010/07/08 02:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/06 11:25:44 | 000,000,000 | ---D | M] -- C:\Program Files\Max Media Creator
[2008/08/31 19:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/07/31 17:06:21 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2009/06/21 17:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/09/28 03:00:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/06/08 13:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/06/17 02:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/01/23 11:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/06/13 21:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/02/26 08:26:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/06/15 10:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/06/15 07:04:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/05/09 13:32:29 | 000,000,000 | ---D | M] -- C:\Program Files\Midway Home Entertainment
[2009/06/07 13:24:03 | 000,000,000 | ---D | M] -- C:\Program Files\MoRUN.net
[2010/04/04 03:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/10 00:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/07/12 04:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/06/08 10:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\msaccrt
[2008/10/13 02:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/06/15 21:04:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/06/08 13:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/09 08:57:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/13 21:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/06/13 21:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/03/24 01:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\OJOsoft
[2008/06/08 13:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 00:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/10/13 09:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2009/11/28 03:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/05/11 22:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\PC Wizard 2008
[2010/04/21 07:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\PiMPWare
[2008/11/16 13:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\PQDVD
[2008/10/24 11:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2009/04/15 10:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\PSP Grader
[2010/03/16 11:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\PSP Pandora Deluxe
[2009/12/23 09:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2009/03/30 10:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTax 2008
[2010/07/02 00:26:53 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTax 2009
[2010/04/17 10:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/13 02:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/11/11 16:41:57 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2010/06/02 01:01:22 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
[2010/06/26 20:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Runic Games
[2010/03/12 11:58:34 | 000,000,000 | ---D | M] -- C:\Program Files\Scythe Physics Editor
[2008/06/08 13:32:17 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2008/09/17 11:30:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/11/11 03:42:06 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/27 01:43:23 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/06/09 00:52:50 | 000,000,000 | ---D | M] -- C:\Program Files\StickyNote
[2008/07/23 09:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2009/06/13 21:15:54 | 000,000,000 | ---D | M] -- C:\Program Files\System
[2009/05/22 10:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/06/23 02:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\Tweak-XP Pro
[2010/09/20 17:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2008/06/08 10:01:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/05/14 21:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/11/10 02:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/06/21 17:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2008/06/28 15:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2009/06/21 17:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/06/28 15:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2008/06/08 10:01:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2009/06/13 21:15:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/06/13 21:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/06/13 21:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/06/08 13:15:51 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/06/13 21:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/06/08 09:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2008/11/30 10:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\X-OOM Media Center for Wii
[2008/06/08 13:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/06/17 02:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/06/13 13:57:50 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\desktop.ini
[2010/06/24 20:01:15 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\e96b773f.exe
[2010/04/13 18:44:49 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\PnkBstrK.sys
[2010/06/16 02:00:51 | 000,005,220 | ---- | M] () -- C:\Documents and Settings\Dad.HOME-2D0F984206\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/11/23 17:42:23 | 017,778,606 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/11/23 17:42:23 | 017,778,606 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\system32\dllcache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\system32\drivers\atapi.sys
[2008/04/13 21:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS.0\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/11/23 17:42:23 | 017,778,606 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/13 18:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS.0\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 23:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS.0\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/11/23 17:57:07 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS.0\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 23:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS.0\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/11/23 17:42:23 | 017,778,606 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 04:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS.0\system32\dllcache\usbstor.sys
[2008/04/14 04:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS.0\system32\drivers\USBSTOR.SYS

< MD5 for: VAXSCSI.SYS >
[2009/08/22 21:12:04 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS.0\system32\drivers\vaxscsi.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-09 06:01:44

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dad.HOME-2D0F984206\My Documents\Downloads\7ZipSfx.000\7zSD07.tmp\Desktop\listen To Sleep.pls:SummaryInformation
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP:1AAB2E68
< End of report >

Re: infected with bn9.tmp

Post by Belahzur on Tue 13 Jul 2010, 6:38 am

Hello.

I see a Windows crack to bypass the activation; unless it is removed, I can't help you.

