Trojans and other viruses, not sure what to do!



Post by TrIggA on Thu 30 Dec 2010, 4:10 am

Hi,
I recently got a TomTom GPS device for Christmas, so I went online and got some extra voices. I was careful about which sites I used, but it seems some sort of virus got through anyway. It started that day. Since then it's been spreading. I get frequent "Infected!" warnings from AVG, in which I try to remove said infections; one or two are removed or healed, the rest cannot be found. I did run a full scan with AVG, Malwarebytes' Anti-Malware, and ESET Online Scanner. The virus .exe's I know of are dwm.exe, located in two Application Data folders, one for each of two accounts. The other is conhost.exe, which I have not yet found. Ending the processes from the Task Manager just causes them to reset. Something is also going on with a proxy for Firefox; it wasn't allowing me to access the internet on another account. Any kind of help would be greatly appreciated! I don't know how much longer until it becomes inoperable, as it's getting worse constantly. One last note: I have not yet encountered this problem, but another user of this computer told me that he can't open the Task Manager unless he does it the SECOND he logs on. This happened once before with a separate virus, and I don't doubt that it's doing it again, probably to try to stop me from ending any of the virus processes. Thanks!

OTL Log:

Extras.Txt

OTL Extras logfile created on: 12/29/2010 11:53:21 AM - Run 1
OTL by OldTimer - Version 3.2.18.1 Folder = C:\Documents and Settings\Josh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 67.05 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1694.74 Gb Free Space | 90.97% Space Free | Partition Type: NTFS

Computer Name: PRATT | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\Rich\Local Settings\temp\0.6092204550736113.exe" = C:\Documents and Settings\Rich\Local Settings\temp\0.6092204550736113.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Microsoft Windows Explorer -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe" = C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe -- (Splash Damage, Ltd.)
"C:\Documents and Settings\Josh\My Documents\Xfire\Xfire.exe" = C:\Documents and Settings\Josh\My Documents\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe" = C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) -- (Splash Damage, Ltd.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\source sdk base\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life deathmatch source\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Josh\My Documents\Steam\Steam.exe" = C:\Documents and Settings\Josh\My Documents\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life blue shift\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\opposing force\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\opposing force\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress classic\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life 2 deathmatch\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Josh\My Documents\Bittorrent\bittorrent.exe" = C:\Documents and Settings\Josh\My Documents\Bittorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Documents and Settings\Josh\My Documents\Sony Vegas\Actual\VegSrv80.exe" = C:\Documents and Settings\Josh\My Documents\Sony Vegas\Actual\VegSrv80.exe:*:Enabled:Sony Vegas Network Render Service Control -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FarCry2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2Editor.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2Editor.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2BenchmarkTool.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2BenchmarkTool.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2ServerLauncher.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\far cry 2\bin\FC2ServerLauncher.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\srcds\orangebox\srcds.exe" = C:\srcds\orangebox\srcds.exe:*:Enabled:srcds -- File not found
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\srcds\CSS\srcds.exe" = C:\srcds\CSS\srcds.exe:*:Enabled:srcds -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\SoftImage\Softimage_Mod_Tool_7.5\Application\bin\XSI.exe" = C:\SoftImage\Softimage_Mod_Tool_7.5\Application\bin\XSI.exe:*:Enabled:XSI -- File not found
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\all points bulletin\Binaries\APB.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\all points bulletin\Binaries\APB.exe:*:Enabled:APB All Points Bulletin -- (Realtime Worlds, Inc.)
"C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.12.game" = C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.12.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress 2\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe" = C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge -- (Westwood Studios)
"C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe" = C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe:*:Enabled:d2dbsConsole -- ()
"C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe" = C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun -- File not found
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\day of defeat source\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- File not found
"E:\Josh\OldGames\DOOMII\skulltag.exe" = E:\Josh\OldGames\DOOMII\skulltag.exe:*:Enabled:Skulltag -- ( )
"E:\Josh\OldGames\DOOMII\doomseeker.exe" = E:\Josh\OldGames\DOOMII\doomseeker.exe:*:Enabled:Doomseeker -- ()
"E:\Josh\OldGames\DOOMII\rcon_utility.exe" = E:\Josh\OldGames\DOOMII\rcon_utility.exe:*:Enabled:RCON_utility -- ()
"C:\Program Files\Skulltag\skulltag.exe" = C:\Program Files\Skulltag\skulltag.exe:*:Enabled:Skulltag -- ( )
"C:\Program Files\Skulltag\doomseeker.exe" = C:\Program Files\Skulltag\doomseeker.exe:*:Enabled:Doomseeker -- ()
"C:\Program Files\Skulltag\rcon_utility.exe" = C:\Program Files\Skulltag\rcon_utility.exe:*:Enabled:RCON_utility -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\source 2007 dedicated server\srcds.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\source 2007 dedicated server\srcds.exe:*:Enabled:srcds -- File not found
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\ultimate doom\ultimate + mouse.bat" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\ultimate doom\ultimate + mouse.bat:*:Enabled:The Ultimate DOOM -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\ultimate doom\ultimate.bat" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\ultimate doom\ultimate.bat:*:Enabled:The Ultimate DOOM -- ()
"E:\Josh\TeamViewer\Version4\TeamViewer.exe" = E:\Josh\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"E:\Josh\AIM\aim.exe" = E:\Josh\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (AOL LLC)
"E:\Josh\TeamViewer\Version5\TeamViewer.exe" = E:\Josh\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\company of heroes\help.htm" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- (THQ Canada Inc.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\company of heroes\RelicCOH.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Opposing Fronts -- (THQ Canada Inc.)
"E:\Josh\FMOD Designer\fmod_musicplayer.exe" = E:\Josh\FMOD Designer\fmod_musicplayer.exe:*:Enabled:fmod_musicplayer -- ()
"E:\Josh\FMOD Designer\fmod_eventplayer.exe" = E:\Josh\FMOD Designer\fmod_eventplayer.exe:*:Enabled:fmod_eventplayer -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life\hl.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Documents and Settings\Josh\Local Settings\temp\ElectronicArts_Patcher_000.exe" = C:\Documents and Settings\Josh\Local Settings\temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000 -- File not found
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\counter-strike source\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv episodes from liberty city\EFLC\LaunchEFLC.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv episodes from liberty city\EFLC\LaunchEFLC.exe:*:Enabled:Grand Theft Auto: Episodes from Liberty City -- (Sony DADC Austria AG)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv episodes from liberty city\EFLC\EFLC.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\grand theft auto iv episodes from liberty city\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life source\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\half-life source\hl2.exe:*:Enabled:Half-Life: Source -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools -- ()
"C:\Documents and Settings\Rich\Local Settings\temp\0.6092204550736113.exe" = C:\Documents and Settings\Rich\Local Settings\temp\0.6092204550736113.exe:*:Enabled:Application Layer Gateway Service -- File not found
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2 -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\garrysmod\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy dedicated server\srcds.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy dedicated server\srcds.exe:*:Enabled:Synergy Dedicated Server -- ()
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy\hl2.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\triggahappy64\synergy\hl2.exe:*:Enabled:Synergy -- ()
"C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe" = C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME -- (Mozilla Foundation)
"C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Documents and Settings\Josh\My Documents\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Microsoft Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1DED92A7-05FA-4736-8AEA-1BE2363F1033}" = Nero 7 Essentials
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{38189804-0D18-4469-8BE6-CC16C4E1B2A5}" = WModem_Installer
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{471DCE2E-75B0-4B4F-B6B1-C4EA5A3D1E2C}" = Autodesk Softimage Mod Tool 7.5
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{65AB08A4-56A4-4362-A9E7-F0A8D8901F80}" = WModem Driver Installer
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747A6A10-DA58-48C2-A1F0-C15514419C8A}" = Hallmark Card Studio 2008
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - Quake Wars(TM)
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1F83B10-0BEB-475f-BBA2-E235B02B9826}" = Dealio Toolbar v4.1
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3630894-093B-4E39-8491-97E0046839CC}" = GameSpy Comrade
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"AVG8Uninstall" = AVG 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Crash Course 3.2 Installer" = Crash Course 3.2 Installer
"CreataCard Gold 3" = CreataCard Gold 3
"dBpowerAMP Music Converter" = dBpoweramp Music Converter
"Dead Air Modified" = Dead Air Modified
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FMOD Designer" = FMOD Designer
"FMOD Programmers API Win32" = FMOD Programmers API Win32
"Fraps" = Fraps (remove only)
"Half-Life 2 Riot Act" = Half-Life 2 Riot Act 1.0
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Hamachi" = Hamachi 1.0.3.0
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multimedia Keyboard Driver_is1" = MultiMedia Keyboard
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Skulltag" = Skulltag
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1250" = Killing Floor
"Steam App 130" = Half-Life: Blue Shift
"Steam App 17520" = Synergy
"Steam App 19900" = Far Cry 2
"Steam App 205" = Source Dedicated Server
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 2280" = The Ultimate DOOM
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 300" = Day of Defeat: Source
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 50" = Half-Life: Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 513" = Left 4 Dead Authoring Tools Beta
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 70" = Half-Life
"SunEdit 2K Beta 7.2" = SunEdit 2K Beta 7.2
"SvenCoop" = Sven Co-op 4.0B
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"Tilt_Wheel" = Tilt Wheel Driver V1.0 20091106
"TomTom HOME" = TomTom HOME 2.8.0.2146
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = SMT5800VW User Manual
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Worldcraft 3" = Worldcraft 3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XCC Utilities" = XCC Utilities 1.46
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"ShockWave V0.95" = ShockWave V0.95
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2010 3:42:29 PM | Computer Name = PRATT | Source = Application Error | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.7.0, faulting module gtaiv.exe,
version 1.0.7.0, fault address 0x004dd6ff.

Error - 12/18/2010 3:49:23 PM | Computer Name = PRATT | Source = Application Error | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.7.0, faulting module gtaiv.exe,
version 1.0.7.0, fault address 0x004dd6ff.

Error - 12/19/2010 5:01:04 PM | Computer Name = PRATT | Source = .NET Runtime 4.0 Error Reporting | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.7.0, stamp 4bd9efbe, faulting
module firstperson.asi, version 0.0.0.0, stamp 4a41b13c, debug? 0, fault address
0x00007b89.

Error - 12/19/2010 5:01:09 PM | Computer Name = PRATT | Source = .NET Runtime | ID = 1026
Description = Application: GTAIV.exe Framework Version: v4.0.30319 Description: The
process was terminated due to an unhandled exception. Exception Info: exception
code c0000005, exception address 03977B89

Error - 12/19/2010 5:05:25 PM | Computer Name = PRATT | Source = .NET Runtime 4.0 Error Reporting | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.7.0, stamp 4bd9efbe, faulting
module gtaiv.exe, version 1.0.7.0, stamp 4bd9efbe, debug? 0, fault address 0x004dd6ff.

Error - 12/23/2010 11:20:14 AM | Computer Name = PRATT | Source = Application Error | ID = 1000
Description = Faulting application eflc.exe, version 1.1.2.0, faulting module eflc.exe,
version 1.1.2.0, fault address 0x00052d96.

Error - 12/25/2010 12:34:44 PM | Computer Name = PRATT | Source = TomTomHOMEService | ID = 10000
Description =

Error - 12/26/2010 11:11:04 AM | Computer Name = PRATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2010 3:26:28 PM | Computer Name = PRATT | Source = Application Hang | ID = 1002
Description = Hanging application xketlqplajb.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2010 9:36:24 AM | Computer Name = PRATT | Source = Application Hang | ID = 1002
Description = Hanging application xketlqplajb.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/17/2010 6:19:51 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/17/2010 6:21:21 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/19/2010 6:43:05 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/19/2010 6:44:35 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/20/2010 5:58:45 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/20/2010 6:00:15 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/24/2010 2:11:51 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/24/2010 2:13:21 PM | Computer Name = PRATT | Source = DCOM | ID = 10010
Description = The server {ED081F25-6A77-4C89-B689-C6E15C582EC1} did not register
with DCOM within the required timeout.

Error - 12/29/2010 12:36:35 PM | Computer Name = PRATT | Source = Service Control Manager | ID = 7034
Description = The TomTomHOMEService service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/29/2010 12:38:19 PM | Computer Name = PRATT | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

TrIggA

Newbie Surfer

Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3
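Editor's note on reading these logs. The items that matter most are in the OTL.txt log posted next: three processes named after Windows system binaries but running from the user's profile (csrss.exe in Local Settings\temp, conhost.exe and dwm.exe under Application Data, all with no company name), a loopback HTTP proxy (127.0.0.1:61333) set both in the IE registry keys and in Firefox's prefs.js, and the random-named xketlqplajb.exe hanging in the Application event log above. On Windows XP csrss.exe only runs from %SystemRoot%\system32, and dwm.exe and conhost.exe do not exist at all (they arrived with Vista and Windows 7 respectively), so those three entries cannot be legitimate. The script below is an added example, not part of this thread and not OTL's own code; it applies those checks to OTL-style lines. The sample lines are copied from the logs in this thread; the heuristics (system-binary names outside system32, no company name in a user-writable directory, vowel-poor random names, loopback proxy) and the severity labels are the editor's assumptions, not anything OTL reports.

```python
"""Triage for OTL (OldTimer) log lines: masquerading system binaries,
files without a company name in user-writable paths, random-looking names,
and browsers proxied through loopback.

Added example for this thread; not OTL code and not the poster's. The
sample lines are copied from the logs in the thread; the rules are generic
heuristics chosen by the editor (assumptions), not anything OTL reports.
"""
import re

# On Windows XP these run only from %SystemRoot%\system32, or do not exist at
# all: dwm.exe arrived with Vista and conhost.exe with Windows 7.
SYSTEM_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "svchost.exe", "conhost.exe", "dwm.exe"}
SYSTEM32 = "c:\\windows\\system32\\"  # %SystemRoot% = C:\WINDOWS per the log header
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
APP_RE = re.compile(r"(?:Hanging|Faulting) application (?P<exe>[^,]+),")
IE_ENABLE_RE = re.compile(r'"ProxyEnable" = (\d+)')
IE_PROXY_RE = re.compile(r'"ProxyServer" = (?:\w+=)?([^:;\s]+):(\d+)')
FF_RES = {"host": re.compile(r'network\.proxy\.http: "([^"]*)"'),
          "port": re.compile(r'network\.proxy\.http_port: (\d+)'),
          "type": re.compile(r'network\.proxy\.type: (\d+)')}


def looks_random(exe):
    """Machine-generated names (xketlqplajb.exe) are long, all letters and
    vowel-poor; the length floor keeps short vendor abbreviations out."""
    stem = exe.lower().rsplit(".", 1)[0]
    if len(stem) < 10 or not stem.isalpha():
        return False
    return sum(c in "aeiouy" for c in stem) / len(stem) < 0.25


def triage(lines):
    """Return (severity, finding, detail) tuples for suspicious lines."""
    findings = []
    ie_enabled, ie_proxy, ff = False, None, {}
    for raw in lines:
        line = raw.strip()
        m = PRC_RE.match(line)
        if m:
            path = m.group("path")
            low = path.lower()
            exe = low.rsplit("\\", 1)[-1]
            if exe in SYSTEM_ONLY and not low.startswith(SYSTEM32):
                findings.append(("high", "system binary name outside system32", path))
            elif not m.group("company") and any(d in low for d in USER_WRITABLE):
                findings.append(("medium", "no company name, user-writable path", path))
            if looks_random(exe):
                findings.append(("low", "random-looking executable name", path))
            continue
        m = APP_RE.search(line)
        if m and looks_random(m.group("exe")):
            findings.append(("low", "random-looking executable name", m.group("exe")))
            continue
        m = IE_ENABLE_RE.search(line)
        if m:
            ie_enabled = m.group(1) == "1"
        m = IE_PROXY_RE.search(line)
        if m:
            ie_proxy = (m.group(1), int(m.group(2)))
        for key, rx in FF_RES.items():
            m = rx.search(line)
            if m:
                ff[key] = m.group(1)
    # A proxy on 127.0.0.1 means a local process sits between the browser and
    # the network; nobody configures that by hand on a home PC.
    if ie_enabled and ie_proxy and ie_proxy[0].startswith("127."):
        findings.append(("high", "IE proxied through loopback", "%s:%d" % ie_proxy))
    if ff.get("type") == "1" and ff.get("host", "").startswith("127."):
        findings.append(("high", "Firefox proxied through loopback",
                         "%s:%s" % (ff["host"], ff.get("port", "?"))))
    return findings


# Lines copied from the OTL logs posted in this thread.
SAMPLE = r"""
PRC - [2010/12/29 11:38:24 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe
PRC - [2010/12/28 23:17:57 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe
PRC - [2010/12/28 23:17:38 | 000,141,312 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/26 20:51:52 | 000,190,464 | ---- | M] () -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61333
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61333
FF - prefs.js..network.proxy.type: 1
Description = Faulting application gtaiv.exe, version 1.0.7.0, faulting module gtaiv.exe,
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
Description = Hanging application xketlqplajb.exe, version 0.0.0.0, hang module
"""

if __name__ == "__main__":
    for sev, what, detail in triage(SAMPLE.splitlines()):
        print("%-6s %-38s %s" % (sev, what, detail))
```

On the sample this reports the three masquerading processes and both loopback proxies as high, and xketlqplajb.exe as low; d2csConsole.exe (no company name, but under Program Files) and explorer.exe are correctly left alone. The next thing a practitioner would check on the machine itself is which process owns port 61333: `netstat -ano` on XP lists the listening PID, which can be matched in Task Manager (with the PID column enabled) or `tasklist`. Since the poster reports that killing the processes makes them respawn and that Task Manager is being closed, the cleanup belongs in a scripted OTL fix or an offline boot, not in manual process killing.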

Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Thu 30 Dec 2010, 4:11 am

OTL.Txt

OTL logfile created on: 12/29/2010 11:53:21 AM - Run 1
OTL by OldTimer - Version 3.2.18.1 Folder = C:\Documents and Settings\Josh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 67.05 Gb Free Space | 22.49% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1694.74 Gb Free Space | 90.97% Space Free | Partition Type: NTFS

Computer Name: PRATT | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 11:52:31 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.com
PRC - [2010/12/29 11:38:24 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe
PRC - [2010/12/28 23:17:57 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe
PRC - [2010/12/28 23:17:38 | 000,141,312 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
PRC - [2010/11/16 21:14:31 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Documents and Settings\Josh\My Documents\Steam\steam.exe
PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/16 16:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/07/09 08:47:02 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/05/06 15:44:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/13 07:29:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/28 07:03:36 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/28 07:03:36 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 07:03:34 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 07:03:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/28 07:03:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/26 20:51:52 | 000,190,464 | ---- | M] () -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe
PRC - [2009/02/26 20:51:36 | 000,139,264 | ---- | M] () -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/29 11:50:00 | 000,110,936 | ---- | M] (TODO: ) -- C:\Program Files\Creative Home\Hallmark Card Studio 2008\Planner\PLNRnote.exe
PRC - [2007/06/01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/12/29 11:52:31 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/10 07:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/28 07:03:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 07:03:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/02/26 22:02:26 | 002,063,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\PvPGNConsole.exe -- (pvpgn)
SRV - [2009/02/26 20:51:52 | 000,190,464 | ---- | M] () [Auto | Running] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe -- (d2cs)
SRV - [2009/02/26 20:51:36 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe -- (d2dbs)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/06/24 20:40:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/28 07:03:36 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 07:03:36 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/01 08:23:20 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/10 12:33:58 | 000,048,640 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/27 17:38:42 | 000,092,800 | ---- | M] (HTC Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp) HTC Diagnostic Port (PID 0B03)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/03/31 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6c36a&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61333
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:53:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/26 07:02:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/06 15:45:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/23 07:00:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/24 20:27:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: E:\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: E:\plugins

[2010/12/25 11:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
[2010/12/25 11:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/12/26 14:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions
[2010/04/28 14:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/05 15:05:06 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/12/10 20:45:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/28 16:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 15:45:43 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/12/22 08:53:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2010/10/26 07:02:50 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/07/04 22:14:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2010/06/24 09:16:23 | 000,000,175 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 217.73.17.146 irc.westwood.com
O1 - Hosts: 217.73.17.146 gameres.westwood.com
O1 - Hosts: 217.73.17.146 servserv.westwood.com
O1 - Hosts: 217.73.17.146 apireg.westwood.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Multimedia Keyboard] C:\Program Files\MultiMedia Keyboard\KBLED.exe (NONE)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\documents and settings\josh\my documents\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk = C:\WINDOWS\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe ()
O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk = C:\Program Files\Tilt_Wheel\Tilt_Wheel.exe (k^2+j^2)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Josh\Application Data\dwm.exe) - C:\Documents and Settings\Josh\Application Data\dwm.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01}.exe - CLSID or File not found.
O24 - Desktop WallPaper: E:\Josh\My Pictures\Weegee.bmp
O24 - Desktop BackupWallPaper: E:\Josh\My Pictures\Weegee.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/26 16:58:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 05:39:36 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 07:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell - "" = AutoRun
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f4f6ba26-1041-11e0-bdf2-001d601c192d}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^Josh^Start Menu^Programs^Startup^hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe - (LogMeIn Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Josh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Josh^Start Menu^Programs^Startup^Xfire.lnk - C:\DOCUME~1\Josh\MYDOCU~1\Xfire\Xfire.exe - File not found
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: sjtgnvgn - hkey= - key= - C:\Documents and Settings\Rich\Local Settings\Application Data\ghycohbmv\yfufjxttssd.exe File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/25 11:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\TomTom
[2010/12/25 11:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/12/25 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Local Settings\Application Data\TomTom
[2010/12/25 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\TomTom
[2010/12/25 11:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/12/25 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/12/18 09:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/12/15 05:57:25 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/12/15 05:46:37 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 05:45:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/10 20:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\MultiMedia Keyboard
[2010/12/10 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Tilt_Wheel
[2010/12/08 15:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET


TrIggA

Newbie Surfer

Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3


Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Thu 30 Dec 2010, 4:11 am

========== Files - Modified Within 30 Days ==========

[2010/12/29 11:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 11:38:11 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk
[2010/12/29 11:38:06 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/29 11:37:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/29 09:20:00 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/12/29 09:19:53 | 000,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2010/12/29 09:19:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/29 09:19:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/29 09:00:08 | 069,470,946 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/29 08:35:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 08:35:05 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/29 08:35:05 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/29 08:35:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/29 08:35:05 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/28 23:47:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/28 23:17:43 | 000,012,713 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2010/12/28 23:17:38 | 000,141,312 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/12/28 14:02:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/27 20:05:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/27 11:50:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 10:24:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/25 16:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/25 00:07:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/24 22:46:53 | 000,270,904 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/12/22 21:49:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Shortcut to vegas80.lnk
[2010/12/15 07:01:42 | 000,493,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 06:01:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/10 20:21:12 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk
[2010/12/08 15:26:11 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk

========== Files Created - No Company Name ==========

[2010/12/26 17:07:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/26 17:07:52 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/26 10:24:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/26 10:24:55 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/25 11:13:26 | 000,141,312 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/12/25 11:13:13 | 000,012,713 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2010/12/25 07:54:54 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/25 07:54:53 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/22 21:49:02 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Shortcut to vegas80.lnk
[2010/12/10 20:21:12 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk
[2010/12/08 15:26:11 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/10 22:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/16 14:20:50 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2010/01/16 14:20:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/01/16 14:20:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2010/01/16 14:20:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2010/01/16 14:20:50 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2010/01/16 14:20:49 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/12/25 11:02:34 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 15:00:30 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/09/16 18:39:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\$_hpcst$.hpc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/24 08:47:53 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/24 08:47:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/29 22:24:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/29 20:43:58 | 000,010,802 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/05/10 20:18:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/05/10 09:38:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/10 09:32:05 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/10 08:45:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/04/23 16:55:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/26 19:51:23 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/03/26 17:35:35 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/26 17:35:35 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\PnkBstrK.sys
[2009/03/26 17:04:26 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/26 17:04:15 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/03/26 10:38:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/28 11:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/05/11 22:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2009/03/26 16:58:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/05 07:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1995/10/18 00:01:00 | 000,443,744 | ---- | M] () -- C:\WINDOWS\SGALLERY.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/12/28 23:17:57 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >
[2009/02/26 21:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\var\bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/26 16:49:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/26 16:54:23 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/03/26 17:01:27 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/03/13 07:29:12 | 000,120,792 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/03/13 07:29:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/03/13 07:29:19 | 000,243,160 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/03/26 16:54:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Josh\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/03/26 10:36:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/26 10:36:41 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/26 10:36:41 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/03/31 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/03/31 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2003/03/31 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/03/31 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/03/31 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2003/03/31 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/03/31 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/03/31 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/03/31 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/03/31 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 00:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 00:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 00:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 00:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 18:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/05 07:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2009/03/26 16:58:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/26 16:26:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/05 16:14:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/01 18:27:13 | 000,028,624 | ---- | M] () -- C:\ComboFix.txt
[2009/03/26 16:58:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/03/26 16:58:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/07 21:09:00 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2009/03/26 16:58:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/03/26 16:25:13 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/26 16:45:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/27 11:50:53 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2010/09/24 11:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010/11/23 16:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/25 20:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/11/16 17:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2009/03/26 17:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Attansic
[2009/11/03 10:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/14 09:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/10/24 20:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/11/16 17:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/16 14:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\CreataCard
[2009/08/30 09:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Home
[2010/11/16 17:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\Dealio Toolbar
[2009/04/20 17:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2010/03/11 07:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/11/27 15:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/02 15:37:47 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/06/21 18:34:01 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy
[2010/09/27 04:14:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/24 20:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Hamachi
[2009/05/10 09:42:21 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/05/10 09:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/07/06 19:07:18 | 000,000,000 | ---D | M] -- C:\Program Files\HTC
[2009/10/14 19:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\id Software
[2010/11/27 15:30:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/26 19:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/08/07 02:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/24 20:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/10/24 20:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/01 13:55:54 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/24 20:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn Hamachi
[2010/08/09 17:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/09/16 18:39:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/04 02:06:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/03/26 16:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/09/24 19:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/08/25 12:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/12/18 08:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/24 20:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Speech SDK 5.1
[2009/08/25 12:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/08/25 12:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/11/08 03:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/11/02 19:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/10/21 18:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 22:14:13 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/12/29 11:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/25 12:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/26 16:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/03/26 16:56:23 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/04/25 02:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/12/10 20:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\MultiMedia Keyboard
[2009/04/06 16:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/03/26 16:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/08/12 21:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/03/26 16:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 05:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/12/08 15:25:32 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2010/10/24 20:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/05/06 15:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/03/26 17:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/19 00:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/04/06 16:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\SAMSUNG
[2010/08/23 09:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\Skulltag
[2009/09/16 18:38:27 | 000,000,000 | ---D | M] -- C:\Program Files\SMT5800VW User Manual
[2010/12/22 22:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/12/10 20:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\Tilt_Wheel
[2010/12/25 11:34:34 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/12/25 11:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2010/08/16 11:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\TortoiseSVN
[2009/03/26 17:01:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/16 18:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2009/07/25 17:36:16 | 000,000,000 | ---D | M] -- C:\Program Files\VSTplugins
[2009/06/24 08:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/09 17:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/26 16:47:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/29 18:10:44 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/03/10 14:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2009/03/26 16:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2009/09/16 18:39:27 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\$_hpcst$.hpc
[2010/12/28 23:17:43 | 000,012,713 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2009/03/26 10:38:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Josh\Application Data\desktop.ini
[2010/12/28 23:17:38 | 000,141,312 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/06/25 23:00:26 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\PnkBstrK.sys


< MD5 for: AGP440.SYS >
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/03/26 16:24:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2009/03/26 16:43:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-18 06:21:01

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

TrIggA

Newbie Surfer

Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3

Re: Trojans and other viruses, not sure what to do!

Post by Belahzur on Thu 30 Dec 2010, 12:29 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/12/29 11:38:24 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe
    PRC - [2010/12/28 23:17:57 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe
    PRC - [2010/12/28 23:17:38 | 000,141,312 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe ()
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Josh\Application Data\dwm.exe) - C:\Documents and Settings\Josh\Application Data\dwm.exe ()

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
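A triage pass over the line formats Belahzur's fix quotes above, as an added example that is not OTL's own code or anything posted in this thread: it parses the PRC, O4, O20 and F3 entries and applies the checks the helper applied by eye (a binary under a user-writable profile directory, a Windows system process name outside system32, a replaced Winlogon Shell or a populated WinNT Load value, with an empty company name as corroboration). The sample lines are constructed from the entries quoted in the fix plus two benign entries; the line and key formats are assumed from this thread's log, not taken from OTL documentation.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Windows system process names that malware borrows; one of these living
# outside %SystemRoot%\system32 is a strong signal. Hypothetical list built
# from the names in this thread plus common look-alikes (explorer.exe is
# left out because it legitimately lives in %SystemRoot% itself).
SYSTEM_PROCESS_NAMES = {
    "csrss.exe", "conhost.exe", "dwm.exe", "svchost.exe",
    "lsass.exe", "winlogon.exe", "services.exe",
}

# User-writable profile locations on XP, in long and 8.3 short forms.
USER_WRITABLE = re.compile(
    r"\\(Documents and Settings|DOCUME~1)\\[^\\]+\\"
    r"(Application Data|APPLIC~1|Local Settings|LOCALS~1)\\",
    re.IGNORECASE,
)
SYSTEM32 = re.compile(r"\\WINDOWS\\system32\\", re.IGNORECASE)

# A drive-letter path; OTL prints "(company)" after it, so stop at a paren.
PATH = r"(?P<path>[A-Za-z]:\\[^()\r\n]*?)"
COMPANY = r"\((?P<company>[^)]*)\)"

# The three OTL line formats used in the fix (assumed from this thread's log).
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] " + COMPANY + r" -- " + PATH + r"\s*$")
O4_RE = re.compile(r"^O4 - HK[A-Z]+\.\.\\Run: \[[^\]]*\] " + PATH + r" " + COMPANY + r"\s*$")
WINLOGON_RE = re.compile(
    r"^(?:O20|F3) - HK[A-Z]+ (?:Winlogon|WinNT): (?P<value>\w+) - \([^)]*\) - "
    + PATH + r" " + COMPANY + r"\s*$"
)


@dataclass
class Finding:
    line: str
    path: str
    reasons: List[str] = field(default_factory=list)


def assess(path: str, company: str, value: Optional[str] = None) -> List[str]:
    """Return the reasons an entry deserves review (empty list if none)."""
    name = path.rsplit("\\", 1)[-1].lower()
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("binary lives in a user-writable profile directory")
    if name in SYSTEM_PROCESS_NAMES and not SYSTEM32.search(path):
        reasons.append(f"system process name {name} outside system32")
    if value == "Shell" and name != "explorer.exe":
        reasons.append("Winlogon Shell replaced (default is explorer.exe)")
    if value == "Load":
        reasons.append("WinNT Load value set (normally empty)")
    # A missing company name alone is too weak to act on (many clean tools
    # ship without version info), so it only corroborates a strong reason.
    if reasons and company.strip() == "":
        reasons.append("no company name in version info")
    return reasons


def triage(lines) -> List[Finding]:
    """Parse PRC/O4/O20/F3 lines; lines in other formats are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for rx in (PRC_RE, O4_RE, WINLOGON_RE):
            m = rx.match(line)
            if m:
                g = m.groupdict()
                reasons = assess(g["path"], g["company"], g.get("value"))
                if reasons:
                    findings.append(Finding(line, g["path"], reasons))
                break
    return findings


def suspicious_paths(lines) -> List[str]:
    """Unique flagged paths, which is what a fix script would need to list."""
    return sorted({f.path for f in triage(lines)}, key=str.lower)


# Constructed sample: the entries quoted in the fix above plus two benign
# lines (Firefox and a stock Winlogon Shell) to show what is not flagged.
SAMPLE_LOG = r"""
PRC - [2010/12/29 11:38:24 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe
PRC - [2010/12/28 23:17:57 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe
PRC - [2010/03/13 07:29:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe ()
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Josh\Application Data\dwm.exe) - C:\Documents and Settings\Josh\Application Data\dwm.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```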

Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Thu 30 Dec 2010, 12:47 pm

I tried doing this twice, both times gave me a STOP blue screen error, restarting my pc. It wasn't even able to begin. Any ideas?

TrIggA

Newbie Surfer

Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3

Re: Trojans and other viruses, not sure what to do!

Post by Belahzur on Fri 31 Dec 2010, 11:59 pm

Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Sat 01 Jan 2011, 5:53 am

Alright, I booted everything up, ran the scan, etc. I wasn't asked "Do you wish to load the remote registry," and I had no option to change anything to "Non-Microsoft." My only choices under Drivers were "All," "Use Safelist" (Default), and "None." I left it on the default. I did set "Do you wish to load remote user profile(s) for scanning" to "Yes," and I also checked "Automatically Load All Remaining Users." I ran the scan, and two OTL.txt files popped up. They were different lengths, but I didn't see where they were too different. I'll post both.

OTL.txt (1)

OTL logfile created on: 12/31/2010 3:00:51 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 69.32 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1694.71 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/12/10 07:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/28 07:03:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 07:03:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/02/26 22:02:26 | 002,063,360 | ---- | M] () [Auto] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\PvPGNConsole.exe -- (pvpgn)
SRV - [2009/02/26 20:51:52 | 000,190,464 | ---- | M] () [Auto] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe -- (d2cs)
SRV - [2009/02/26 20:51:36 | 000,139,264 | ---- | M] () [Auto] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe -- (d2dbs)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/06/24 20:40:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/28 07:03:36 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 07:03:36 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/01 08:23:20 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/10 12:33:58 | 000,048,640 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/27 17:38:42 | 000,092,800 | ---- | M] (HTC Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp) HTC Diagnostic Port (PID 0B03)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/03/31 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Josh_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\Josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61333

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Marge_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Marge_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Marge_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Marge_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52889

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Nicole.PRATT_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Nicole.PRATT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Rich_ON_C\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKU\Rich_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\Rich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Rich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Rich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55798

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6c36a&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61333
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:53:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/26 07:02:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/06 15:45:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/23 07:00:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/24 20:27:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: E:\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: E:\plugins

[2010/12/25 11:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
[2010/12/25 11:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/12/31 13:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions
[2010/04/28 14:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/05 15:05:06 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/12/10 20:45:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/31 08:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/24 09:16:23 | 000,000,175 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 217.73.17.146 irc.westwood.com
O1 - Hosts: 217.73.17.146 gameres.westwood.com
O1 - Hosts: 217.73.17.146 servserv.westwood.com
O1 - Hosts: 217.73.17.146 apireg.westwood.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Josh_ON_C\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Josh_ON_C\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Josh_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Rich_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Rich_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Multimedia Keyboard] C:\Program Files\MultiMedia Keyboard\KBLED.exe (NONE)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Josh_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Josh_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\Josh_ON_C..\Run: [Steam] C:\documents and settings\josh\my documents\steam\steam.exe (Valve Corporation)
O4 - HKU\Josh_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\Marge_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\Rich_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Rich_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\Rich_ON_C..\Run: [ohgnffsc] C:\DOCUME~1\Rich\LOCALS~1\Temp\lsmlnrowe\xketlqplajb.exe File not found
O4 - HKU\Rich_ON_C..\Run: [vnlkocoy] C:\DOCUME~1\Rich\LOCALS~1\Temp\csslnkpph\xsjssdylajb.exe File not found
O4 - HKU\Nicole.PRATT_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk = C:\WINDOWS\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe ()
O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk = C:\Program Files\Tilt_Wheel\Tilt_Wheel.exe (k^2+j^2)
O4 - Startup: C:\Documents and Settings\Rich\Start Menu\Programs\Startup\Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE (Micrografx, Inc.)
F3 - HKU\Josh_ON_C WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe ()
F3 - HKU\Marge_ON_C WinNT: Load - (C:\DOCUME~1\Marge\LOCALS~1\Temp\csrss.exe) - C:\DOCUME~1\Marge\LOCALS~1\Temp\csrss.exe File not found
F3 - HKU\Rich_ON_C WinNT: Load - (C:\DOCUME~1\Rich\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Rich\Local Settings\temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Josh_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marge_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Marge_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nicole.PRATT_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Nicole.PRATT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rich_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Rich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Josh_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Josh_ON_C Winlogon: Shell - (C:\Documents and Settings\Josh\Application Data\dwm.exe) - C:\Documents and Settings\Josh\Application Data\dwm.exe ()
O20 - HKU\Marge_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marge_ON_C Winlogon: Shell - (C:\Documents and Settings\Marge\Application Data\dwm.exe) - C:\Documents and Settings\Marge\Application Data\dwm.exe File not found
O20 - HKU\Rich_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Rich_ON_C Winlogon: Shell - (C:\Documents and Settings\Rich\Application Data\dwm.exe) - C:\Documents and Settings\Rich\Application Data\dwm.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01}.exe - CLSID or File not found.
O24 - Desktop WallPaper: E:\Josh\My Pictures\Weegee.bmp
O24 - Desktop BackupWallPaper: E:\Josh\My Pictures\Weegee.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/26 16:58:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 05:39:36 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 07:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2bef1046-4cbc-11de-bc03-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2bef1046-4cbc-11de-bc03-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2bef1046-4cbc-11de-bc03-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- File not found
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell - "" = AutoRun
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f4f6ba26-1041-11e0-bdf2-001d601c192d}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 20:36:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/27 17:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Dealio
[2010/12/25 11:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\TomTom
[2010/12/25 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Local Settings\Application Data\TomTom
[2010/12/25 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\TomTom
[2010/12/25 11:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/12/25 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/12/15 05:57:25 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/12/15 05:46:37 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 05:45:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/10 20:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\MultiMedia Keyboard
[2010/12/10 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Tilt_Wheel
[2010/12/08 15:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2005/05/11 22:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/12/31 14:44:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 14:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/31 14:32:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/31 14:31:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/31 14:31:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/31 14:31:34 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/31 14:31:33 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/31 14:31:33 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/31 14:31:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/31 14:31:33 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/31 14:19:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/31 13:41:17 | 000,027,051 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2010/12/31 13:41:13 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/12/31 13:06:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/31 10:46:29 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/12/31 10:46:22 | 000,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2010/12/31 10:45:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/31 08:56:37 | 069,558,536 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/31 05:13:42 | 000,138,752 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\dwm.exe
[2010/12/31 04:13:00 | 000,016,724 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\663E.6FE
[2010/12/28 14:02:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/27 20:05:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/27 19:05:41 | 000,005,022 | ---- | M] () -- C:\Documents and Settings\Marge\Application Data\663E.6FE
[2010/12/26 10:24:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/25 16:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/24 22:46:53 | 000,270,904 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/12/22 21:49:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Shortcut to vegas80.lnk
[2010/12/15 07:01:42 | 000,493,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 06:01:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/11 23:29:24 | 001,275,999 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\xmas10.jpg
[2010/12/10 20:21:12 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk
[2010/12/09 20:07:00 | 002,257,548 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00124.JPG
[2010/12/09 20:05:52 | 002,232,148 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00123.JPG
[2010/12/09 20:04:30 | 002,209,286 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00122.JPG

========== Files Created - No Company Name ==========

[2010/12/31 04:18:29 | 000,138,752 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\dwm.exe
[2010/12/26 17:07:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/26 17:07:52 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/26 17:02:27 | 000,005,022 | ---- | C] () -- C:\Documents and Settings\Marge\Application Data\663E.6FE
[2010/12/26 10:24:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/26 10:24:55 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/25 11:13:26 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/12/25 11:13:13 | 000,027,051 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2010/12/25 07:54:54 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/25 07:54:53 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/25 07:54:49 | 000,016,724 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\663E.6FE
[2010/12/22 21:49:02 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Shortcut to vegas80.lnk
[2010/12/11 23:19:12 | 001,275,999 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\xmas10.jpg
[2010/12/11 17:49:42 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
[2010/12/10 20:21:12 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk
[2010/12/10 14:26:38 | 002,232,148 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\DSC00123.JPG
[2010/12/10 14:26:36 | 002,209,286 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\DSC00122.JPG
[2010/12/10 14:26:35 | 002,257,548 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\DSC00124.JPG
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/03/10 14:46:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Marge\Application Data\winscp.rnd
[2010/03/02 18:59:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Marge\Application Data\$_hpcst$.hpc
[2010/02/10 22:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/16 14:20:50 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2010/01/16 14:20:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/01/16 14:20:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2010/01/16 14:20:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2010/01/16 14:20:50 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2010/01/16 14:20:49 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/12/25 11:02:34 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 15:00:30 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/09/16 21:02:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\$_hpcst$.hpc
[2009/09/16 18:39:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\$_hpcst$.hpc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/24 08:47:53 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/24 08:47:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/29 22:24:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/29 20:43:58 | 000,010,802 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/05/12 13:17:45 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Nicole.PRATT\Local Settings\Application Data\fusioncache.dat
[2009/05/11 15:20:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Marge\Local Settings\Application Data\fusioncache.dat
[2009/05/10 20:18:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/05/10 11:06:16 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/10 10:33:14 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\fusioncache.dat
[2009/05/10 09:38:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/10 08:45:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/04/23 16:55:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/06 16:39:39 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Rich\default.pls
[2009/03/26 19:51:23 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/03/26 17:35:35 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/26 17:35:35 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\PnkBstrK.sys
[2009/03/26 17:04:26 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/26 17:04:15 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/03/26 10:38:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/28 11:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/06/30 07:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/11/07 21:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\acccore
[2009/05/16 17:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\AVGTOOLBAR
[2010/03/02 20:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\BitTorrent
[2009/09/18 22:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Command & Conquer 3 Kane's Wrath
[2009/09/18 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Command & Conquer 3 Tiberium Wars
[2010/11/26 13:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Dealio
[2009/09/22 14:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Dev-Cpp
[2009/07/30 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\FUEL Demo
[2009/11/03 08:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\HLSW
[2009/03/26 17:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\InterTrust
[2009/10/18 14:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
[2009/08/07 10:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Notepad++
[2009/12/21 07:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Publish Providers
[2010/06/21 18:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Red Alert 3
[2010/11/16 21:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Search Settings
[2009/07/25 17:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Sony
[2009/07/25 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Sony Setup
[2009/08/06 12:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Subversion
[2010/12/22 22:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\SystemRequirementsLab
[2010/12/18 00:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TeamViewer
[2010/12/25 11:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TomTom
[2010/03/14 19:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TS3Client
[2010/11/18 16:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marge\Application Data\Search Settings
[2009/04/30 14:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marge\Application Data\TeamViewer
[2009/05/08 10:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\AVGTOOLBAR
[2010/02/19 11:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\Dealio
[2010/12/14 11:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\Search Settings
[2010/07/27 15:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\Subversion
[2010/02/21 22:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\acccore
[2009/03/26 22:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\AVGTOOLBAR
[2010/12/27 17:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Dealio
[2009/09/16 20:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Publish Providers
[2010/11/16 17:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Search Settings
[2009/09/16 20:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Sony
[2010/07/24 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Subversion

========== Purity Check ==========


< End of report >

TrIggA

Newbie Surfer

Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3


Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Sat 01 Jan 2011, 7:57 am

OTL.txt (2)

OTL logfile created on: 12/31/2010 3:00:51 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 69.32 Gb Free Space | 23.26% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1694.71 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/12/10 07:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/28 07:03:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 07:03:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/02/26 22:02:26 | 002,063,360 | ---- | M] () [Auto] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\PvPGNConsole.exe -- (pvpgn)
SRV - [2009/02/26 20:51:52 | 000,190,464 | ---- | M] () [Auto] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe -- (d2cs)
SRV - [2009/02/26 20:51:36 | 000,139,264 | ---- | M] () [Auto] -- C:\Program Files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe -- (d2dbs)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/06/24 20:40:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/28 07:03:36 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 07:03:36 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/01 08:23:20 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/10 12:33:58 | 000,048,640 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/27 17:38:42 | 000,092,800 | ---- | M] (HTC Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp) HTC Diagnostic Port (PID 0B03)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/03/31 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Josh_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\Josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61333

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Marge_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Marge_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Marge_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Marge_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52889

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Nicole.PRATT_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Nicole.PRATT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Rich_ON_C\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKU\Rich_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\Rich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Rich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Rich_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55798

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6c36a&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61333
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:53:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/26 07:02:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/06 15:45:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/23 07:00:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/24 20:27:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: E:\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: E:\plugins

[2010/12/25 11:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
[2010/12/25 11:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/12/31 13:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions
[2010/04/28 14:04:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/05 15:05:06 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/12/10 20:45:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\4zaz1pob.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/31 08:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/24 09:16:23 | 000,000,175 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 217.73.17.146 irc.westwood.com
O1 - Hosts: 217.73.17.146 gameres.westwood.com
O1 - Hosts: 217.73.17.146 servserv.westwood.com
O1 - Hosts: 217.73.17.146 apireg.westwood.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Josh_ON_C\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Josh_ON_C\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Josh_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Rich_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Rich_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Josh\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Multimedia Keyboard] C:\Program Files\MultiMedia Keyboard\KBLED.exe (NONE)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Josh_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Josh_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\Josh_ON_C..\Run: [Steam] C:\documents and settings\josh\my documents\steam\steam.exe (Valve Corporation)
O4 - HKU\Josh_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\Marge_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\Rich_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Rich_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\Rich_ON_C..\Run: [ohgnffsc] C:\DOCUME~1\Rich\LOCALS~1\Temp\lsmlnrowe\xketlqplajb.exe File not found
O4 - HKU\Rich_ON_C..\Run: [vnlkocoy] C:\DOCUME~1\Rich\LOCALS~1\Temp\csslnkpph\xsjssdylajb.exe File not found
O4 - HKU\Nicole.PRATT_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2008.lnk = C:\WINDOWS\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe ()
O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk = C:\Program Files\Tilt_Wheel\Tilt_Wheel.exe (k^2+j^2)
O4 - Startup: C:\Documents and Settings\Rich\Start Menu\Programs\Startup\Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE (Micrografx, Inc.)
F3 - HKU\Josh_ON_C WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Josh\Local Settings\temp\csrss.exe ()
F3 - HKU\Marge_ON_C WinNT: Load - (C:\DOCUME~1\Marge\LOCALS~1\Temp\csrss.exe) - C:\DOCUME~1\Marge\LOCALS~1\Temp\csrss.exe File not found
F3 - HKU\Rich_ON_C WinNT: Load - (C:\DOCUME~1\Rich\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Rich\Local Settings\temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Josh_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marge_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Marge_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nicole.PRATT_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Nicole.PRATT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rich_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Rich_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Josh_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Josh_ON_C Winlogon: Shell - (C:\Documents and Settings\Josh\Application Data\dwm.exe) - C:\Documents and Settings\Josh\Application Data\dwm.exe ()
O20 - HKU\Marge_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marge_ON_C Winlogon: Shell - (C:\Documents and Settings\Marge\Application Data\dwm.exe) - C:\Documents and Settings\Marge\Application Data\dwm.exe File not found
O20 - HKU\Rich_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Rich_ON_C Winlogon: Shell - (C:\Documents and Settings\Rich\Application Data\dwm.exe) - C:\Documents and Settings\Rich\Application Data\dwm.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01}.exe - CLSID or File not found.
O24 - Desktop WallPaper: E:\Josh\My Pictures\Weegee.bmp
O24 - Desktop BackupWallPaper: E:\Josh\My Pictures\Weegee.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/26 16:58:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 05:39:36 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 07:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2bef1046-4cbc-11de-bc03-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2bef1046-4cbc-11de-bc03-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2bef1046-4cbc-11de-bc03-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- File not found
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell - "" = AutoRun
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a017fa6-952a-11de-bc20-001d601c192d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f4f6ba26-1041-11e0-bdf2-001d601c192d}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 20:36:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/27 17:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Dealio
[2010/12/25 11:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\TomTom
[2010/12/25 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Local Settings\Application Data\TomTom
[2010/12/25 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\TomTom
[2010/12/25 11:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/12/25 11:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/12/15 05:57:25 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/12/15 05:46:37 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 05:45:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/10 20:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\MultiMedia Keyboard
[2010/12/10 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Tilt_Wheel
[2010/12/08 15:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2005/05/11 22:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/12/31 14:44:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 14:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/31 14:32:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/31 14:31:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/31 14:31:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/31 14:31:34 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/31 14:31:33 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/31 14:31:33 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/31 14:31:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/31 14:31:33 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/31 14:19:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/31 13:41:17 | 000,027,051 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2010/12/31 13:41:13 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/12/31 13:06:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/31 10:46:29 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/12/31 10:46:22 | 000,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2010/12/31 10:45:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/31 08:56:37 | 069,558,536 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/31 05:13:42 | 000,138,752 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\dwm.exe
[2010/12/31 04:13:00 | 000,016,724 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\663E.6FE
[2010/12/28 14:02:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/27 20:05:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/27 19:05:41 | 000,005,022 | ---- | M] () -- C:\Documents and Settings\Marge\Application Data\663E.6FE
[2010/12/26 10:24:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/25 16:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/24 22:46:53 | 000,270,904 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/12/22 21:49:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Shortcut to vegas80.lnk
[2010/12/15 07:01:42 | 000,493,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 06:01:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/11 23:29:24 | 001,275,999 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\xmas10.jpg
[2010/12/10 20:21:12 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk
[2010/12/09 20:07:00 | 002,257,548 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00124.JPG
[2010/12/09 20:05:52 | 002,232,148 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00123.JPG
[2010/12/09 20:04:30 | 002,209,286 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00122.JPG

========== Files Created - No Company Name ==========

[2010/12/31 04:18:29 | 000,138,752 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\dwm.exe
[2010/12/26 17:07:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/26 17:07:52 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/26 17:02:27 | 000,005,022 | ---- | C] () -- C:\Documents and Settings\Marge\Application Data\663E.6FE
[2010/12/26 10:24:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/26 10:24:55 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/25 11:13:26 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/12/25 11:13:13 | 000,027,051 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2010/12/25 07:54:54 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/25 07:54:53 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/25 07:54:49 | 000,016,724 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\663E.6FE
[2010/12/22 21:49:02 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Shortcut to vegas80.lnk
[2010/12/11 23:19:12 | 001,275,999 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\xmas10.jpg
[2010/12/11 17:49:42 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Enemy Territory - QUAKE Wars(TM).lnk
[2010/12/10 20:21:12 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk
[2010/12/10 14:26:38 | 002,232,148 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\DSC00123.JPG
[2010/12/10 14:26:36 | 002,209,286 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\DSC00122.JPG
[2010/12/10 14:26:35 | 002,257,548 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\DSC00124.JPG
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/03/10 14:46:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Marge\Application Data\winscp.rnd
[2010/03/02 18:59:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Marge\Application Data\$_hpcst$.hpc
[2010/02/10 22:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/16 14:20:50 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2010/01/16 14:20:50 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/01/16 14:20:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2010/01/16 14:20:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2010/01/16 14:20:50 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2010/01/16 14:20:49 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/12/25 11:02:34 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 15:00:30 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/09/16 21:02:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rich\Application Data\$_hpcst$.hpc
[2009/09/16 18:39:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\$_hpcst$.hpc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/24 08:47:53 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/24 08:47:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/29 22:24:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/05/29 20:43:58 | 000,010,802 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/05/12 13:17:45 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Nicole.PRATT\Local Settings\Application Data\fusioncache.dat
[2009/05/11 15:20:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Marge\Local Settings\Application Data\fusioncache.dat
[2009/05/10 20:18:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/05/10 11:06:16 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/10 10:33:14 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\fusioncache.dat
[2009/05/10 09:38:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/10 08:45:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2009/04/23 16:55:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/06 16:39:39 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Rich\default.pls
[2009/03/26 19:51:23 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/03/26 17:35:35 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/26 17:35:35 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\PnkBstrK.sys
[2009/03/26 17:04:26 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/26 17:04:15 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/03/26 10:38:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/28 11:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/06/30 07:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/11/07 21:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\acccore
[2009/05/16 17:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\AVGTOOLBAR
[2010/03/02 20:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\BitTorrent
[2009/09/18 22:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Command & Conquer 3 Kane's Wrath
[2009/09/18 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Command & Conquer 3 Tiberium Wars
[2010/11/26 13:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Dealio
[2009/09/22 14:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Dev-Cpp
[2009/07/30 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\FUEL Demo
[2009/11/03 08:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\HLSW
[2009/03/26 17:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\InterTrust
[2009/10/18 14:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
[2009/08/07 10:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Notepad++
[2009/12/21 07:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Publish Providers
[2010/06/21 18:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Red Alert 3
[2010/11/16 21:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Search Settings
[2009/07/25 17:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Sony
[2009/07/25 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Sony Setup
[2009/08/06 12:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Subversion
[2010/12/22 22:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\SystemRequirementsLab
[2010/12/18 00:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TeamViewer
[2010/12/25 11:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TomTom
[2010/03/14 19:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TS3Client
[2010/11/18 16:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marge\Application Data\Search Settings
[2009/04/30 14:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marge\Application Data\TeamViewer
[2009/05/08 10:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\AVGTOOLBAR
[2010/02/19 11:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\Dealio
[2010/12/14 11:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\Search Settings
[2010/07/27 15:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\Subversion
[2010/02/21 22:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\acccore
[2009/03/26 22:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\AVGTOOLBAR
[2010/12/27 17:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Dealio
[2009/09/16 20:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Publish Providers
[2010/11/16 17:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Search Settings
[2009/09/16 20:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Sony
[2010/07/24 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Subversion

========== Purity Check ==========


< End of report >
[2010/12/31 15:02:45 | 000,110,592 | -H-- | M] () -- C:\Documents and Settings\Josh\ntuser.dat.LOG
[2010/12/31 14:59:06 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\Marge\NTUSER.DAT.LOG
[2010/12/31 14:59:05 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\Rich\NTUSER.DAT.LOG
[2010/12/31 14:59:05 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\Nicole.PRATT\NTUSER.DAT.LOG
[2010/12/31 14:59:05 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2010/12/31 14:59:05 | 000,008,192 | -H-- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2010/12/31 14:44:21 | 026,476,544 | -H-- | M] () -- C:\Documents and Settings\Josh\ntuser.dat
[2010/12/31 14:44:21 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/12/31 14:44:21 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/12/31 14:44:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 14:44:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/12/31 14:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/31 14:32:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Josh\Cookies
[2010/12/31 14:32:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/31 14:31:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/31 14:31:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/31 14:31:34 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/31 14:31:33 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/31 14:31:33 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/31 14:31:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/31 14:31:33 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/31 14:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Local Settings\Application Data\TSVNCache
[2010/12/31 14:22:51 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Rich\NTUSER.DAT
[2010/12/31 14:22:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Josh\ntuser.ini
[2010/12/31 14:19:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1003.job
[2010/12/31 13:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/12/31 13:41:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Josh\Application Data\Microsoft
[2010/12/31 13:41:17 | 000,027,051 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\663E.6FE
[2010/12/31 13:41:13 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\dwm.exe
[2010/12/31 13:41:13 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Josh\Application Data
[2010/12/31 13:06:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/31 10:46:29 | 000,138,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/12/31 10:46:22 | 000,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2010/12/31 10:45:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
[2010/12/31 08:56:37 | 069,558,536 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/12/31 08:47:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rich\Cookies
[2010/12/31 08:27:08 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Rich\My Documents
[2010/12/31 05:13:42 | 000,138,752 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\dwm.exe
[2010/12/31 05:13:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Rich\Application Data
[2010/12/31 05:13:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rich\Application Data\Microsoft
[2010/12/31 04:13:00 | 000,016,724 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\663E.6FE
[2010/12/29 20:50:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Josh\Recent
[2010/12/29 12:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Desktop
[2010/12/29 11:49:24 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Marge\Application Data
[2010/12/29 08:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Local Settings\Application Data\TSVNCache
[2010/12/28 23:15:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rich\ntuser.ini
[2010/12/28 14:02:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1004.job
[2010/12/28 13:34:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marge\Application Data\Microsoft
[2010/12/27 20:06:00 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Marge\ntuser.dat
[2010/12/27 20:06:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Marge\ntuser.ini
[2010/12/27 20:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marge\Local Settings\Application Data\TSVNCache
[2010/12/27 20:05:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
[2010/12/27 19:05:41 | 000,005,022 | ---- | M] () -- C:\Documents and Settings\Marge\Application Data\663E.6FE
[2010/12/27 18:12:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marge\Cookies
[2010/12/27 17:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Dealio
[2010/12/26 10:24:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
[2010/12/25 16:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/25 11:35:26 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Josh\My Documents
[2010/12/25 11:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Local Settings\Application Data\TomTom
[2010/12/25 11:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TomTom
[2010/12/25 11:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2010/12/25 11:34:34 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/12/24 22:46:53 | 000,270,904 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/12/23 12:15:52 | 000,257,888 | -H-- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\IconCache.db
[2010/12/22 22:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/12/22 22:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\SystemRequirementsLab
[2010/12/22 21:49:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Shortcut to vegas80.lnk
[2010/12/21 23:02:23 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Nicole.PRATT\NTUSER.DAT
[2010/12/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Local Settings\Application Data\TSVNCache
[2010/12/21 13:18:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Nicole.PRATT\Cookies
[2010/12/18 08:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/12/18 00:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TeamViewer
[2010/12/17 08:12:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Rich\Recent
[2010/12/15 07:01:42 | 000,493,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 06:01:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 05:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/12/14 11:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Desktop
[2010/12/14 11:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicole.PRATT\Application Data\Search Settings
[2010/12/12 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Local Settings\Application Data\Microsoft
[2010/12/11 23:29:24 | 001,275,999 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\xmas10.jpg
[2010/12/11 23:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Desktop
[2010/12/11 23:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Local Settings\Application Data\Paint.NET
[2010/12/10 20:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\MultiMedia Keyboard
[2010/12/10 20:21:12 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\Tilt Wheel Driver V1.0 20091106.lnk
[2010/12/10 20:21:08 | 000,000,000 | ---D | M] -- C:\Program Files\Tilt_Wheel
[2010/12/10 15:21:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2010/12/09 20:07:00 | 002,257,548 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00124.JPG
[2010/12/09 20:05:52 | 002,232,148 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00123.JPG
[2010/12/09 20:04:30 | 002,209,286 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\DSC00122.JPG
[2010/12/08 15:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Local Settings\Application Data\Paint.NET
[2010/12/08 15:25:32 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2010/10/15 11:00:19 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/02 15:40:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nicole.PRATT\ntuser.ini
[2010/08/15 09:29:46 | 000,175,832 | ---- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/13 16:41:51 | 002,685,662 | -H-- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\IconCache.db
[2010/06/25 23:00:26 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\PnkBstrK.sys
[2010/03/11 19:54:12 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Marge\Application Data\winscp.rnd
[2010/03/02 18:59:39 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Marge\Application Data\$_hpcst$.hpc
[2010/02/12 15:18:04 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\Rich\default.pls
[2010/01/17 11:37:16 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\Marge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/16 16:35:06 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\Nicole.PRATT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/25 11:02:53 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 06:52:11 | 003,797,076 | -H-- | M] () -- C:\Documents and Settings\Marge\Local Settings\Application Data\IconCache.db
[2009/09/16 21:02:54 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Rich\Application Data\$_hpcst$.hpc
[2009/09/16 18:39:27 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\$_hpcst$.hpc
[2009/08/11 05:40:03 | 003,796,290 | -H-- | M] () -- C:\Documents and Settings\Nicole.PRATT\Local Settings\Application Data\IconCache.db
[2009/05/12 13:17:45 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Nicole.PRATT\Local Settings\Application Data\fusioncache.dat
[2009/05/11 15:20:36 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Marge\Local Settings\Application Data\fusioncache.dat
[2009/05/10 10:33:14 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\fusioncache.dat
[2009/03/26 17:00:39 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/03/26 10:38:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Rich\Application Data\desktop.ini
[2009/03/26 10:38:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Nicole.PRATT\Application Data\desktop.ini
[2009/03/26 10:38:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Marge\Application Data\desktop.ini
[2009/03/26 10:38:29 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Josh\Application Data\desktop.ini
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/05/11 22:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

TrIggA

Newbie Surfer

Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3


Re: Trojans and other viruses, not sure what to do!

Post by Belahzur on Sat 01 Jan 2011, 11:54 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Sat 01 Jan 2011, 3:57 pm

ComboFix 10-12-31.01 - Josh 12/31/2010 23:37:00.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2767 [GMT -5]
Running from: c:\documents and settings\Josh\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\B64.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\swUPdate.dll
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd
c:\documents and settings\Josh\Application Data\Dealio
c:\documents and settings\Josh\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Josh\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Josh\Application Data\dwm.exe
c:\documents and settings\Josh\Application Data\Microsoft\conhost.exe
c:\documents and settings\Nicole.PRATT\Application Data\Dealio
c:\documents and settings\Nicole.PRATT\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Nicole.PRATT\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Rich\Application Data\Dealio
c:\documents and settings\Rich\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Rich\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Rich\Application Data\dwm.exe
c:\documents and settings\Rich\Application Data\Microsoft\conhost.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.1\config.ini
c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\Thumbs.db
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\ST6UNST.000
E:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.

2010-12-31 18:40 . 2010-12-31 18:40 189 ----a-w- c:\documents and settings\Josh\Application Data\Microsoft\gb_44729265.bat
2010-12-30 01:36 . 2010-12-30 01:36 -------- d-----w- C:\_OTL
2010-12-25 16:35 . 2010-12-25 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\TomTom
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\documents and settings\Josh\Application Data\TomTom
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\program files\TomTom International B.V
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\program files\TomTom HOME 2
2010-12-15 10:46 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 10:45 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:21 . 2010-12-11 01:21 -------- d-----w- c:\program files\MultiMedia Keyboard
2010-12-11 01:21 . 2010-12-11 01:21 -------- d-----w- c:\program files\Tilt_Wheel
2010-12-08 20:25 . 2010-12-08 20:25 -------- d-----w- c:\program files\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 21:27 . 2009-03-26 22:35 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-31 21:27 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-31 21:27 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-25 03:46 . 2009-03-28 00:45 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-24 00:41 . 2009-03-26 22:35 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-23 00:26 . 2010-04-04 03:47 6814952 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-22 01:12 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-22 01:12 . 2009-08-18 16:24 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-18 18:12 . 2009-03-26 21:57 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2003-03-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2003-03-31 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2010-11-17 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-06 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]
"Multimedia Keyboard"="c:\program files\MultiMedia Keyboard\KBLED.exe" [2009-10-21 40960]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
Tilt Wheel Driver V1.0 20091106.lnk - c:\program files\Tilt_Wheel\Tilt_Wheel.exe [2009-11-6 340992]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
Event Minder Reminders.lnk - c:\hallmark\EMREMIND.EXE [2009-5-10 6240]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2009-8-30 1718]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-05-15 21:12 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 15:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-06 20:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life blue shift\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\opposing force\\hl.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress classic\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\all points bulletin\\Binaries\\APB.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.12.game"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\pvpgn-1.8.5\\d2dbsConsole.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"e:\\Josh\\OldGames\\DOOMII\\skulltag.exe"=
"e:\\Josh\\OldGames\\DOOMII\\doomseeker.exe"=
"e:\\Josh\\OldGames\\DOOMII\\rcon_utility.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Skulltag\\doomseeker.exe"=
"c:\\Program Files\\Skulltag\\rcon_utility.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\ultimate doom\\ultimate + mouse.bat"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\ultimate doom\\ultimate.bat"=
"e:\\Josh\\TeamViewer\\Version4\\TeamViewer.exe"=
"e:\\Josh\\AIM\\aim.exe"=
"e:\\Josh\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"e:\\Josh\\FMOD Designer\\fmod_musicplayer.exe"=
"e:\\Josh\\FMOD Designer\\fmod_eventplayer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\LaunchEFLC.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\EFLC.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life source\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\garrysmod\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy dedicated server\\srcds.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy\\hl2.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 5:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 5:05 PM 108552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [10/22/2010 4:38 PM 386560]
R2 d2cs;d2cs service;c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe --service --> c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe --service [?]
R2 d2dbs;d2dbs service;c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe --service --> c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe --service [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 7:29 AM 92008]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/26/2009 5:04 PM 38656]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2009 10:42 PM 133104]
S2 pvpgn;PvPGN service;c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\PvPGNConsole.exe --service --> c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\PvPGNConsole.exe --service [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [9/16/2009 6:48 PM 92800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2011-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-12-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:61333
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-conhost - c:\documents and settings\Josh\Application Data\Microsoft\conhost.exe
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-sjtgnvgn - c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv\yfufjxttssd.exe
AddRemove-AIM_7 - c:\program files\AIM\uninst.exe
AddRemove-Crash Course 3.2 Installer - c:\documents and settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\left4dead2\Uninstal.exe
AddRemove-Dead Air Modified - c:\documents and settings\Josh\My Documents\Steam\steamapps\common\left 4 dead 2\left4dead2\Uninstal.exe
AddRemove-Dev-C++ - c:\dev-cpp\uninstall.exe
AddRemove-Fraps - c:\documents and settings\Josh\My Documents\Fraps\uninstall.exe
AddRemove-Half-Life 2 Riot Act - c:\documents and settings\josh\my documents\steam\SteamApps\SourceMods\half-life 2 riot act\uninst.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\srcds\UNWISE.EXE
AddRemove-Mozilla Firefox (3.6.8) - e:\uninstall\helper.exe
AddRemove-SunEdit 2K Beta 7.2 - c:\docume~1\Josh\MYDOCU~1\SE2K\UNWISE.EXE
AddRemove-Teamspeak 2 RC2_is1 - c:\documents and settings\Josh\My Documents\Teamspeak2_RC2\unins000.exe
AddRemove-TeamSpeak 3 Client - c:\program files\TeamSpeak 3 Client\uninstall.exe
AddRemove-TeamViewer 4 - c:\program files\TeamViewer\Version4\uninstall.exe
AddRemove-TeamViewer 5 - c:\program files\TeamViewer\Version5\uninstall.exe
AddRemove-XCC Utilities - c:\program files\XCC\Utilities\Uninstall.exe
AddRemove-Xfire - c:\documents and settings\Josh\My Documents\Xfire\uninst.exe
AddRemove-{471DCE2E-75B0-4B4F-B6B1-C4EA5A3D1E2C} - c:\softimage\Softimage_Mod_Tool_7.5\Setup\setup.exe
AddRemove-BitTorrent - c:\documents and settings\Josh\My Documents\Bittorrent\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-12-31 23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:3e,85,c1,e9,9f,b5,8b,8d,be,b9,d8,6c,37,07,ee,13,57,71,aa,3c,29,b0,fa,
03,63,1d,58,76,20,df,68,39,d9,03,8a,d8,7d,33,c3,b2,71,4a,cf,96,6b,53,1f,3b,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:79,b7,0f,4d,37,50,d3,5a,39,85,e4,62,3b,f9,e1,45,7e,ff,19,18,ba,
9f,b4,07,36,3f,96,76,89,44,74,5a,26,ec,58,ac,6f,20,5d,e4,c2,62,52,24,3c,c7,\
"rkeysecu"=hex:46,24,8a,4e,50,cf,6d,2f,4c,3b,46,90,a6,fa,ec,3b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1900)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe
c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Creative Home\Hallmark Card Studio 2008\Planner\PLNRnote.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-31 23:53:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-01 04:52
ComboFix2.txt 2010-05-01 23:27

Pre-Run: 74,463,686,656 bytes free
Post-Run: 76,117,962,752 bytes free

- - End Of File - - 6818C75526B19E6088456C1461F34E98

Firefox also stopped working after I ran the scan. It's coming up with this message no matter the URL:

The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

* Check the proxy settings to make sure that they are correct.

* Contact your network administrator to make sure the proxy server is
working.

-Try Again-


I'm not sure if it had to do with csrss.exe being removed, but a message also pops up on login saying that csrss.exe no longer exists.


TrIggA

Newbie Surfer

Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3
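The ComboFix output above shows the three patterns worth recognising in a log like this: an autostart entry whose target lives inside a user's Application Data folder (HKLM-Run-conhost pointing at c:\documents and settings\Josh\Application Data\Microsoft\conhost.exe, and the MSConfigStartUp-sjtgnvgn entry under Rich's Local Settings\Application Data, both listed under ORPHANS REMOVED), an executable borrowing the name of a Windows system binary while sitting outside system32, and a per-user WinINet proxy pointed at the loopback interface (uInternet Settings,ProxyServer = http=127.0.0.1:61333). The Python script below is an added example, not part of this thread and not part of ComboFix or OTL; it runs those three checks over ComboFix-style lines. The sample lines are copied from the log above, while the list of system-binary names and the "random-looking name" heuristic are this example's own assumptions and will produce some false positives on real logs.

```python
"""Triage ComboFix / OTL style log lines for the patterns seen in this thread.

Added example: not part of the original thread, ComboFix or OTL. It flags
(1) autostart entries whose target is under a user profile's Application Data,
(2) executables named like Windows system binaries but located outside the
    Windows system32 directory, and
(3) per-user (HKCU, "u" prefix) WinINet proxy settings that point at loopback.
"""
import re
from typing import List, Tuple

# Assumption: names of core Windows binaries that malware commonly borrows.
SYSTEM_BINARY_NAMES = {
    "conhost.exe", "dwm.exe", "csrss.exe", "svchost.exe", "lsass.exe",
    "winlogon.exe", "smss.exe", "services.exe", "explorer.exe",
}

# "HKLM-Run-conhost - c:\...\conhost.exe" or "MSConfigStartUp-name - c:\...\x.exe"
AUTOSTART_RE = re.compile(
    r"^(?P<kind>HKLM-Run|HKCU-Run|MSConfigStartUp)-(?P<name>\S+)\s+-\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
# "Reg Loading Points" format: "Name"="c:\path\file.exe" [2010-11-17 1242448]
REG_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"', re.IGNORECASE)
# DDS/ComboFix proxy line; the leading "u" means HKCU, "m" would mean HKLM.
PROXY_RE = re.compile(
    r"^(?P<hive>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$",
    re.IGNORECASE,
)
PROFILE_DATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:application data|local settings\\application data)\\",
    re.IGNORECASE,
)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE)

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG_LINES = [
    r"uInternet Settings,ProxyOverride = *.local",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:61333",
    r"HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe",
    r"HKLM-Run-nwiz - nwiz.exe",
    r"HKLM-Run-conhost - c:\documents and settings\Josh\Application Data\Microsoft\conhost.exe",
    r"MSConfigStartUp-Aim - c:\program files\AIM\aim.exe",
    r"MSConfigStartUp-sjtgnvgn - c:\documents and settings\Rich\Local Settings\Application Data\ghycohbmv\yfufjxttssd.exe",
    r'"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2010-11-17 1242448]',
    r'"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]',
]


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a stem of 8+ letters with very few vowels,
    e.g. 'yfufjxttssd', is more likely generated than a product name."""
    stem = name.lower().rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{8,}", stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels <= len(stem) // 4


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, evidence) pairs for every line matching one of the checks."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            if LOOPBACK_RE.search(m.group("value")):
                scope = "HKCU (current user only)" if m.group("hive").lower() == "u" else "HKLM (all users)"
                findings.append((f"loopback proxy in {scope}", m.group("value")))
            continue
        m = AUTOSTART_RE.match(line) or REG_RUN_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        name = basename(path)
        if name in SYSTEM_BINARY_NAMES and not SYSTEM32_RE.search(path):
            findings.append(("system binary name outside system32", path))
        if PROFILE_DATA_RE.search(path):
            findings.append(("autostart target in user Application Data", path))
        if looks_random(name):
            findings.append(("random-looking executable name", path))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG_LINES):
        print(f"{reason}: {evidence}")
```

Run against the sample lines it reports the loopback proxy once and flags the conhost.exe and yfufjxttssd.exe entries twice each, while the AVG, Steam and TomTom entries stay quiet. Because the proxy line carries the "u" prefix, the report also says which hive the value lives in, which matters for the next step in this thread.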

Re: Trojans and other viruses, not sure what to do!

Post by Belahzur on Sun 02 Jan 2011, 11:57 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:61333
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Sun 02 Jan 2011, 3:03 pm

ComboFix 11-01-01.01 - Josh 01/01/2011 22:37:01.8.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2635 [GMT -5]
Running from: c:\documents and settings\Josh\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
.

2011-01-01 04:33 . 2011-01-01 04:53 -------- d-----w- C:\Combo-Fix
2010-12-31 18:40 . 2010-12-31 18:40 189 ----a-w- c:\documents and settings\Josh\Application Data\Microsoft\gb_44729265.bat
2010-12-30 01:36 . 2010-12-30 01:36 -------- d-----w- C:\_OTL
2010-12-25 16:35 . 2010-12-25 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\TomTom
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\documents and settings\Josh\Application Data\TomTom
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\program files\TomTom International B.V
2010-12-25 16:34 . 2010-12-25 16:34 -------- d-----w- c:\program files\TomTom HOME 2
2010-12-15 10:46 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 10:45 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-11 01:21 . 2010-12-11 01:21 -------- d-----w- c:\program files\MultiMedia Keyboard
2010-12-11 01:21 . 2010-12-11 01:21 -------- d-----w- c:\program files\Tilt_Wheel
2010-12-08 20:25 . 2010-12-08 20:25 -------- d-----w- c:\program files\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 22:14 . 2009-03-26 22:35 138784 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-01 22:14 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-01 22:14 . 2009-03-26 22:35 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-25 03:46 . 2009-03-28 00:45 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-24 00:41 . 2009-03-26 22:35 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-23 00:26 . 2010-04-04 03:47 6814952 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-22 01:12 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-22 01:12 . 2009-08-18 16:24 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-18 18:12 . 2009-03-26 21:57 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2003-03-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2003-03-31 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\documents and settings\josh\my documents\steam\steam.exe" [2010-11-17 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-06 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]
"Multimedia Keyboard"="c:\program files\MultiMedia Keyboard\KBLED.exe" [2009-10-21 40960]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
Tilt Wheel Driver V1.0 20091106.lnk - c:\program files\Tilt_Wheel\Tilt_Wheel.exe [2009-11-6 340992]

c:\documents and settings\Rich\Start Menu\Programs\Startup\
Event Minder Reminders.lnk - c:\hallmark\EMREMIND.EXE [2009-5-10 6240]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2009-8-30 1718]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Josh^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Josh\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-05-15 21:12 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 15:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-06 20:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\source sdk base\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life blue shift\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\opposing force\\hl.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\team fortress classic\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\all points bulletin\\Binaries\\APB.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.12.game"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\gamemd.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\pvpgn-1.8.5\\d2dbsConsole.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"e:\\Josh\\OldGames\\DOOMII\\skulltag.exe"=
"e:\\Josh\\OldGames\\DOOMII\\doomseeker.exe"=
"e:\\Josh\\OldGames\\DOOMII\\rcon_utility.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Skulltag\\doomseeker.exe"=
"c:\\Program Files\\Skulltag\\rcon_utility.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\ultimate doom\\ultimate + mouse.bat"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\ultimate doom\\ultimate.bat"=
"e:\\Josh\\TeamViewer\\Version4\\TeamViewer.exe"=
"e:\\Josh\\AIM\\aim.exe"=
"e:\\Josh\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"e:\\Josh\\FMOD Designer\\fmod_musicplayer.exe"=
"e:\\Josh\\FMOD Designer\\fmod_eventplayer.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life\\hl.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\LaunchGTAIV.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\LaunchEFLC.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\EFLC.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\half-life source\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\garrysmod\\hl2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy dedicated server\\srcds.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\triggahappy64\\synergy\\hl2.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Documents and Settings\\Josh\\My Documents\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2009 5:05 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2009 5:05 PM 108552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [10/22/2010 4:38 PM 386560]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 7:29 AM 92008]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [3/26/2009 5:04 PM 38656]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 d2cs;d2cs service;c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe --service --> c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2csConsole.exe --service [?]
S2 d2dbs;d2dbs service;c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe --service --> c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\d2dbsConsole.exe --service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2009 10:42 PM 133104]
S2 pvpgn;PvPGN service;c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\PvPGNConsole.exe --service --> c:\program files\EA GAMES\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\pvpgn-1.8.5\PvPGNConsole.exe --service [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Josh\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [9/16/2009 6:48 PM 92800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 03:42]

2011-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-179605362-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-12-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-179605362-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2011-01-01 22:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:3e,85,c1,e9,9f,b5,8b,8d,be,b9,d8,6c,37,07,ee,13,57,71,aa,3c,29,b0,fa,
03,63,1d,58,76,20,df,68,39,d9,03,8a,d8,7d,33,c3,b2,71,4a,cf,96,6b,53,1f,3b,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-343818398-179605362-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:79,b7,0f,4d,37,50,d3,5a,39,85,e4,62,3b,f9,e1,45,7e,ff,19,18,ba,
9f,b4,07,36,3f,96,76,89,44,74,5a,26,ec,58,ac,6f,20,5d,e4,c2,62,52,24,3c,c7,\
"rkeysecu"=hex:46,24,8a,4e,50,cf,6d,2f,4c,3b,46,90,a6,fa,ec,3b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2072)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-01 22:47:58
ComboFix-quarantined-files.txt 2011-01-02 03:47
ComboFix2.txt 2011-01-01 04:53
ComboFix3.txt 2010-05-01 23:27

Pre-Run: 76,231,606,272 bytes free
Post-Run: 76,219,912,192 bytes free

- - End Of File - - 96E7C568CB3ABFFBD43043A51284AF1B

I figured out how to get the internet on Firefox on my account, but my Father's and Mother's accounts are still not working, and now Internet Explorer isn't.

TrIggA
Newbie Surfer
Posts : 27
Joined : 2010-02-11
Operating System : Windows XP Professional, SP3

Re: Trojans and other viruses, not sure what to do!

Post by Belahzur on Mon 03 Jan 2011, 12:50 pm

What version of IE is it?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Manager | Tech Officer
Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Mon 03 Jan 2011, 1:28 pm

Version 6.0.2900.5512

But it's working fine on my account, just not theirs. It just can't display any pages, and Firefox won't work on theirs either. The proxy message just comes up.


Re: Trojans and other viruses, not sure what to do!

Post by Belahzur on Tue 04 Jan 2011, 12:20 pm

This will fix the proxy message.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


Is the OS genuine? If so, just update it to IE7 or IE8.




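The GUI steps in the post above edit stored settings that can be audited directly, which is useful when a second account on the same machine shows the same proxy message. The script below is an added example written for this thread, not code from Belahzur or the forum: it parses the `user_pref(...)` lines of a Firefox `prefs.js`, evaluates the WinINET values that the IE LAN Settings dialog edits (`ProxyEnable`, `ProxyServer`, `AutoConfigURL` under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`), and flags a proxy that points at the loopback address or an automatic-configuration (PAC) script URL. The sample `prefs.js` text and registry values are constructed for the demonstration; `read_ie_settings` is the only part that needs Windows and returns `None` elsewhere.

```python
"""Audit the proxy settings behind the IE LAN Settings and Firefox Connection dialogs."""
import re
import sys
from typing import Dict, List, Optional

# Meaning of network.proxy.type in Firefox prefs.js (Mozilla preference semantics).
FF_NO_PROXY, FF_MANUAL, FF_PAC, FF_AUTODETECT, FF_SYSTEM = 0, 1, 2, 4, 5

# A proxy on the local machine usually means another process is relaying the
# browser's traffic, so it is worth a second look even when it "works".
LOOPBACK = ("127.0.0.1", "localhost", "::1")

_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs_js(text: str) -> Dict[str, object]:
    """Parse user_pref("name", value); lines (strings, ints, bools) into a dict."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def _host_only(server: str) -> str:
    """'127.0.0.1:8080' -> '127.0.0.1'; 'http=host:80;https=host:443' -> 'host'."""
    first = server.split(";")[0]
    if "=" in first:
        first = first.split("=", 1)[1]
    return first.rsplit(":", 1)[0].strip("[]") if ":" in first else first


def audit_firefox(prefs: Dict[str, object]) -> List[str]:
    """Findings for an explicit proxy configuration in prefs.js (none if no proxy)."""
    findings: List[str] = []
    ptype = prefs.get("network.proxy.type")
    if ptype == FF_MANUAL:
        for key in ("network.proxy.http", "network.proxy.ssl",
                    "network.proxy.socks", "network.proxy.ftp"):
            host = prefs.get(key)
            if host:
                port = prefs.get(key + "_port", "")
                tag = "SUSPICIOUS loopback proxy" if host in LOOPBACK else "manual proxy"
                findings.append(f"Firefox {tag}: {key}={host}:{port}")
    elif ptype == FF_PAC:
        findings.append(f"Firefox PAC script: {prefs.get('network.proxy.autoconfig_url')}")
    return findings


def audit_ie(settings: Dict[str, object]) -> List[str]:
    """Findings for the WinINET values edited by IE's LAN Settings dialog."""
    findings: List[str] = []
    if settings.get("ProxyEnable") == 1 and settings.get("ProxyServer"):
        server = str(settings["ProxyServer"])
        tag = "SUSPICIOUS loopback proxy" if _host_only(server) in LOOPBACK else "proxy enabled"
        findings.append(f"IE {tag}: ProxyServer={server}")
    if settings.get("AutoConfigURL"):
        # Unchecking "use a proxy server" does not clear this value; the
        # "Use automatic configuration script" box in the same dialog does.
        findings.append(f"IE PAC script: AutoConfigURL={settings['AutoConfigURL']}")
    return findings


def read_ie_settings() -> Optional[Dict[str, object]]:
    """Read the live per-user values on Windows; returns None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, Windows only
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    out: Dict[str, object] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value not present means the setting is not configured
    return out


# Constructed sample resembling a hijacked profile (not taken from the thread's logs).
SAMPLE_PREFS_JS = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
'''
SAMPLE_IE = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080"}

if __name__ == "__main__":
    for finding in audit_firefox(parse_prefs_js(SAMPLE_PREFS_JS)) + audit_ie(SAMPLE_IE):
        print(finding)
    live = read_ie_settings()
    if live is not None:
        print("live IE settings:", audit_ie(live) or ["no proxy configured"])
```

Run it once per Windows account (the values live under HKEY_CURRENT_USER, so each profile has its own copy, which is why one account can browse while the others still see the proxy message), and point `parse_prefs_js` at the `prefs.js` in each Firefox profile directory.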

Re: Trojans and other viruses, not sure what to do!

Post by TrIggA on Wed 05 Jan 2011, 4:12 am

Thanks so much! Firefox and Internet Explorer are working fine now. The only problem is when I go on my Dad's account, it still says "csrss.exe" is missing, it's not doing anything to hurt the PC, so if it's not a problem we can ignore it. Other than that, we're going to buy AVG 2011 soon, alongside MalwareByte's Anti-Malware, so hopefully we won't have these problems again. If there's anything else I need to do, please tell me, otherwise, thank you again! You're a lifesaver.


Re: Trojans and other viruses, not sure what to do!

Post by Belahzur on Wed 05 Jan 2011, 9:13 am

Hello.
We can look at your dad's account if you want to.

We advise against AVG 2011, it sucks so badly, the staff here never recommend AVG, so many false positives in it.

We recommend either Avira/Avast.




