
Solved Ps/2 Keyboard Failure and kbdclass.sys Problem

Discussion in 'Malware and Virus Removal Archive' started by Gideon, 2011/02/15.

  1. 2011/02/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well.
    Delete your Combofix file, download a fresh one and post a new log.
     
  2. 2011/02/24
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Ok, deleted, downloaded and ran ComboFix, but the log it generated is absolutely massive in size. If I'm not mistaken it's close to 500,000 characters. Should that be right?
     
    Last edited: 2011/02/24

  4. 2011/02/24
    broni

    broni Moderator Malware Analyst

  5. 2011/02/24
    Gideon

    Gideon Inactive Thread Starter

  6. 2011/02/24
    broni

    broni Moderator Malware Analyst

    Posting your log.....

    ComboFix 11-02-24.02 - Gideon 2011-02-24 17:00:26.11.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1472 [GMT -8:00]
    Running from: c:\documents and settings\Gideon\Desktop\hezb0ller\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\winlogon.exe

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
    .

    2011-02-22 03:15 . 2006-12-29 08:31 19569 ----a-w- c:\windows\000001_.tmp
    2011-02-22 02:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-02-22 02:51 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-02-22 02:51 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-02-22 02:51 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-02-22 02:51 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-02-22 02:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-02-22 02:50 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-02-22 02:50 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-02-22 02:50 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-02-22 02:50 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-02-22 02:50 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-02-22 02:50 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-02-22 02:50 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-02-22 02:50 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-02-22 02:50 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-02-22 02:50 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-02-22 02:48 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-02-22 02:48 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-02-22 02:48 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-02-22 02:48 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-02-22 02:48 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-02-22 02:48 . 2010-12-09 13:07 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2011-02-22 02:48 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-02-22 02:48 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-02-22 00:47 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-02-21 21:47 . 2008-04-14 13:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
    2011-02-21 21:46 . 2006-12-29 08:31 19569 ----a-w- c:\windows\002985_.tmp
    2011-02-15 05:18 . 2011-02-15 05:18 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2011-02-15 04:58 . 2011-02-15 04:58 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
    2011-02-15 04:32 . 2011-02-15 04:32 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    2011-02-15 04:32 . 2011-02-15 04:32 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    2011-02-15 04:19 . 2011-02-15 04:19 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
    2011-02-14 01:15 . 2011-02-14 01:15 -------- d-----w- c:\program files\XILS-lab
    2011-02-13 22:55 . 2011-02-13 23:19 -------- d-----w- c:\program files\D16 Group
    2011-02-12 20:02 . 2011-02-12 20:02 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-02-12 20:01 . 2011-02-12 20:03 -------- d-----w- c:\documents and settings\Gideon\Application Data\DAEMON Tools Pro
    2011-02-12 20:01 . 2011-02-12 20:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
    2011-02-12 05:46 . 2006-09-14 09:21 2240 ----a-w- c:\windows\LENDIG.sys
    2011-02-12 05:03 . 2010-09-07 15:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-12 05:03 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-12 05:03 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-12 05:03 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-12 05:03 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-02-12 05:03 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-02-12 05:03 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-12 05:03 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-02-12 05:02 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-12 05:02 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-12 05:02 . 2011-02-12 05:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
    2011-02-12 03:56 . 1999-12-17 18:13 86016 ----a-w- c:\windows\unvise32.exe
    2011-02-11 22:47 . 2003-07-06 17:10 17408 ------w- c:\windows\system32\minimp3.exe
    2011-02-11 21:18 . 2011-02-11 21:18 -------- d-----w- c:\documents and settings\Gideon\Application Data\iZotope
    2011-02-11 21:10 . 2011-02-11 21:09 710496 ----a-w- c:\program files\Uninstall Information\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}\unins000.exe
    2011-02-11 18:15 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-11 18:15 . 2011-02-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-11 18:15 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-11 17:17 . 2010-01-17 07:27 2440704 ----a-w- c:\windows\system32\SYNSOEMU.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-24 18:11 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:08 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:08 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 23:08 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:08 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2004-08-04 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-12-02 00:12 . 2007-05-17 16:48 720896 ----a-w- c:\windows\iun6002.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-19_23.38.54 )))))))))))))))))))))))))))))))))))))))))
    .
    [skipped - Broni]
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527} "= "c:\program files\BitTorrentBar\tbBit0.dll" [2010-11-14 3913000]

    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-14 05:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2010-11-14 05:58 3913000 ----a-w- c:\program files\BitTorrentBar\tbBit0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527} "= "c:\program files\BitTorrentBar\tbBit0.dll" [2010-11-14 3913000]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]

    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @= "{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} "
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
    "DAEMON Tools Pro Agent "= "k:\daemon tools pro\DTAgent.exe" [2011-01-13 840000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt "= "c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "Profiler "= "c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
    "SaiMfd "= "c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-10 126976]
    "nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2009-06-17 55824]
    "SwitchBoard "= "c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LXCGCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-6 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi2 "=ma_cmidn.dll
    "midi3 "=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-06-08 00:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Java\\jre1.5.0_05\\bin\\rmiregistry.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\WINDOWS\\system32\\winver.exe "=
    "c:\\Program Files\\ComicRack\\ComicRack.exe "=

    R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2007-06-29 4608]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-02-11 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-11 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-11 17744]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-06-05 20072]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-02-12 218688]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]
    S1 MpKslcb21d3e3;MpKslcb21d3e3;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
    S3 dsaudiodevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2009-02-08 16640]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-07-24 14424]
    S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-05-06 176384]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2010-06-08 13504]
    S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2010-06-08 22304]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-06-16 717296]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b2c3bb6b-e005-4246-b8e5-df0a4d073cdc}]
    2008-06-18 23:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-24 c:\windows\Tasks\AdobeAAMUpdater-1.0-TELETRAN-Gideon.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-12 11:44]

    2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\Gideon\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Arabic spell-checking dictionary: ar@dictionaries.addons.mozilla.org - %profile%\extensions\ar@dictionaries.addons.mozilla.org
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-24 17:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...


    C:\## aswSnx private storage

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\!caution! never delete or change any key*]
    "?? "=hex:06,6a,34,8c,2c,ee,0c,df,81,f2,44,9c,83,04,9d,b9,ae,11,19,28,ea,cf,84,
    08,4f,c4,9b,d6,da,49,5a,4e,98,bb,65,1b,68,82,00,5f,3f,4e,d9,96,b1,d0,cc,67,\
    "?? "=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\License information*]
    "datasecu "=hex:b4,7c,02,9a,a8,fd,49,1e,71,20,25,04,4f,b9,9e,8c,9e,74,ad,88,b0,
    ae,93,a0,e7,c7,99,f5,24,5a,47,33,11,15,77,ac,01,d8,43,54,01,6e,7d,7b,af,b0,\
    "rkeysecu "=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(964)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(1020)
    c:\windows\system32\nvappfilter.dll
    .
    Completion time: 2011-02-24 17:44:37
    ComboFix-quarantined-files.txt 2011-02-25 01:44
    ComboFix2.txt 2011-02-20 22:44
    ComboFix3.txt 2011-02-19 23:41
    ComboFix4.txt 2010-05-13 18:17

    Pre-Run: 11,712,966,656 bytes free
    Post-Run: 11,679,219,712 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 7EE81AF956DF5D59DE3B29FCB721021C
     
  7. 2011/02/24
    broni

    broni Moderator Malware Analyst

    Very good :)

    It looks like we solved the winlogon.exe infection issue, and the Combofix log looks clean now.

    Before we proceed, I'd like an update on your computer's behavior.
     
  8. 2011/02/24
    Gideon

    Gideon Inactive Thread Starter

    Windows seems to boot a lot faster, and the internet and Explorer seem to browse more smoothly. Still no keyboard though.
     
  9. 2011/02/24
    broni

    broni Moderator Malware Analyst

    OK....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    kbdclass.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
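    As an added example (not from the thread and not part of ComboFix or OTL), the two checks a helper makes by eye in this thread can be scripted: parsing ComboFix's file-listing lines to flag a Windows system binary outside its stock directory, as with the C:\winlogon.exe that ComboFix deleted in post 6, and hashing every copy of a driver such as kbdclass.sys so the copies can be compared, which is what the /md5start block asks OTL to do. The canonical directory table and the driver contents in the demo are assumptions; the sample lines are taken from the log above.

```python
"""Triage helpers for ComboFix-style logs (added example, not from the thread).

Two checks a reviewer makes by eye in the thread are scripted here:
  1. a known Windows system binary sitting outside its stock directory
     (ComboFix deleted C:\\winlogon.exe; the real one is in system32), and
  2. hashing every copy of a driver such as kbdclass.sys so the copies can be
     compared, the check OTL's /md5start block performs.
"""
import hashlib
import ntpath      # splits Windows paths correctly even when run on Linux
import os
import re
import tempfile

# One line of ComboFix's "Files Created" / "Find3M" sections:
#   <created> <time> . <modified> <time> <size-or-dashes> <attrs> <path>
_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumption: stock Windows XP layout on C:. dllcache holds the protected copies.
CANONICAL_DIRS = {
    "winlogon.exe": {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
    "services.exe": {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
    "lsass.exe":    {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
    "csrss.exe":    {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\system32\dllcache"},
    "explorer.exe": {r"c:\windows", r"c:\windows\system32\dllcache"},
    "kbdclass.sys": {r"c:\windows\system32\drivers", r"c:\windows\system32\dllcache"},
}

# Sample lines copied from the ComboFix log in post 6 (first one is its "Other Deletions" entry).
SAMPLE_LINES = [
    r"C:\winlogon.exe",
    r"2011-02-24 18:11 . 2004-08-04 12:00 507904 ----a-w- c:\windows\system32\winlogon.exe",
    r"2011-02-22 02:50 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe",
    r"2011-02-22 03:15 . 2006-12-29 08:31 19569 ----a-w- c:\windows\000001_.tmp",
    r"2011-02-15 05:18 . 2011-02-15 05:18 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}",
]


def parse_entry(line):
    """Parse one listing line; bare paths (as in "Other Deletions") are accepted too."""
    line = line.strip()
    m = _LINE_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["size"] = None if entry["size"].startswith("-") else int(entry["size"])
        entry["is_dir"] = entry["attrs"].startswith("d")   # first attribute flag is 'd' for directories
        return entry
    if re.match(r"^[A-Za-z]:\\", line):
        return {"created": None, "modified": None, "size": None,
                "attrs": None, "path": line, "is_dir": False}
    return None


def misplaced_system_binaries(lines):
    """Return paths whose file name is a known system binary but whose directory is not a stock one."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry["is_dir"]:
            continue
        directory, name = ntpath.split(entry["path"])
        directory = directory.lower().rstrip("\\")   # "C:\" becomes "c:"
        if name.lower() in CANONICAL_DIRS and directory not in CANONICAL_DIRS[name.lower()]:
            flagged.append(entry["path"])
    return flagged


def md5_of(path):
    """MD5 of a file, read in chunks (MD5 is what OTL's /md5start reports)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def driver_copies_agree(paths):
    """Hash every existing copy of a driver; True only if all copies are byte-identical."""
    digests = {p: md5_of(p) for p in paths if os.path.isfile(p)}
    return len(set(digests.values())) <= 1, digests


def demo_driver_check():
    """Constructed offline stand-in for comparing kbdclass.sys copies: one good copy, one altered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        drivers_copy = os.path.join(tmp, "drivers_kbdclass.sys")
        cache_copy = os.path.join(tmp, "dllcache_kbdclass.sys")
        with open(drivers_copy, "wb") as fh:
            fh.write(b"constructed driver image")
        with open(cache_copy, "wb") as fh:
            fh.write(b"constructed driver image, altered")
        agree, digests = driver_copies_agree([drivers_copy, cache_copy, os.path.join(tmp, "missing.sys")])
        return agree, len(digests)   # (False, 2): copies differ, the missing path is skipped


if __name__ == "__main__":
    print("misplaced system binaries:", misplaced_system_binaries(SAMPLE_LINES))
    print("driver copies agree, copies hashed:", demo_driver_check())
```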
     
  10. 2011/02/24
    Gideon

    Gideon Inactive Thread Starter

    OTL Extras logfile created on: 2011-02-24 20:18:47 - Run 1
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Gideon\Desktop\hezb0ller
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.37 Gb Total Space | 10.93 Gb Free Space | 4.87% Space Free | Partition Type: NTFS
    Drive D: | 8.50 Gb Total Space | 0.77 Gb Free Space | 9.00% Space Free | Partition Type: FAT32
    Drive E: | 37.23 Gb Total Space | 37.12 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
    Drive F: | 488.45 Mb Total Space | 128.69 Mb Free Space | 26.35% Space Free | Partition Type: FAT
    Drive K: | 287.20 Gb Total Space | 55.79 Gb Free Space | 19.43% Space Free | Partition Type: NTFS
    Drive L: | 10.89 Gb Total Space | 7.70 Gb Free Space | 70.67% Space Free | Partition Type: NTFS

    Computer Name: TELETRAN | User Name: Gideon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- K:\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Java\jre1.5.0_05\bin\rmiregistry.exe" = C:\Program Files\Java\jre1.5.0_05\bin\rmiregistry.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Electronic Arts\Battlefield 2142\BF2142Pace.exe" = C:\Program Files\Electronic Arts\Battlefield 2142\BF2142Pace.exe:*:Enabled:BF2142Pace -- ()
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
    "C:\Program Files\ComicRack\ComicRack.exe" = C:\Program Files\ComicRack\ComicRack.exe:*:Enabled:ComicRack -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
    "{002d9d5e-29ba-3e6d-9bc4-3d7d6dbc735c}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AC087CB-B437-4624-B7E3-693DA53934BB}" =
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{18455581-e099-4ba8-bc6b-f34b2f06600c}" = Google Toolbar for Internet Explorer
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
    "{270B0338-70EF-41AA-B2BF-165C098B7620}" = HOTLLAMA Media Player
    "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
    "{2B18397C-473A-487B-B7A1-7B2A1A4FE245}" = ABITEQ V1.0.2.5
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
    "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
    "{582876EC-A178-44D4-9823-C10D6C62EAFF}" =
    "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
    "{62369F2F77534556AEF4C58152E3BDE5}" =
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
    "{64CCBE26-A8EE-4D34-87BE-2AF3E5489574}" = Nepheton
    "{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657d0-a123-3c07-8e44-1c83ec895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7F55748C-CCDB-4942-99F8-C221D7BD5C26}" = Nithonat
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1" = V-Station 1.6
    "{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1" = reFX Nexus 1.0.0
    "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92cfe459-e641-4293-8884-83fb2b97fdfc}" = Firewire Family
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99052db7-9592-4522-a558-5417bbad48ee}" = Microsoft ActiveSync
    "{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{a3051cd0-2f64-3813-a88d-b8dccde8f8c7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.50
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
    "{b2c3bb6b-e005-4246-b8e5-df0a4d073cdc}" = PixiePack Codec Pack
    "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
    "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
    "{BC975AF9-0C87-4361-8F4B-FBEF2FC7B3A9}" = Drumazon
    "{c09fb3cd-3d0c-3f2d-899a-6a1d67f2073f}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C896CE2E-E624-4724-9F17-4C0E5B55049C}" =
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{ce2cdd62-0124-36ca-84d3-9f4dcf5c5bd9}" = Microsoft .NET Framework 3.5 SP1
    "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
    "{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9DD4D92-23EE-414B-9420-4CA4E0DF8447}" = WordPerfect - MAIL
    "{dc431222-e2d0-4c4a-9438-52d4626202b3}" = Saitek SST Programming Software
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
    "AC3Filter_is1" = AC3Filter 1.63b
    "Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
    "Addictive Drums Inno Setup_is1" = Addictive Drums 1.5
    "AddressBook" =
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "adobe flash player activex" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Alchemy" = Alchemy
    "Architag XRay XML Editor" = Architag XRay XML Editor
    "ASIO4ALL" = ASIO4ALL
    "avast5" = avast! Pro Antivirus
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "BitTorrent" = BitTorrent
    "BitTorrentBar Toolbar" = BitTorrentBar Toolbar
    "Branding" =
    "Camel Audio Cameleon 5000 v1.7 VSTi" = Camel Audio Cameleon 5000 v1.7 VSTi
    "ClipX" = ClipX
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "ComicRack" = ComicRack v0.9.133
    "conduitEngine" = Conduit Engine
    "Connection Manager" =
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DirectAnimation" =
    "DirectDrawEx" =
    "Disc Golf" = Disc Golf
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DXM_Runtime" =
    "EA Download Manager" = EA Download Manager
    "ffdshow_is1" = ffdshow v1.1.3426 [2010-05-09]
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "Fontcore" =
    "Free YouTube Download_is1" = Free YouTube Download version 2.10.28
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ICW" =
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "IE40" =
    "IE4Data" =
    "IE5BAKEX" =
    "ie7" = Windows Internet Explorer 7
    "IEData" =
    "ImgBurn" = ImgBurn
    "InstallShield Uninstall Information" =
    "installshield_{149464d9-b06f-4505-9968-fd1206f67ad3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
    "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "installshield_{2bf0ae92-c3bc-4112-9066-1546342b1fae}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "InterActual Player" = InterActual Player
    "iZotope Ozone 4_is1" = iZotope Ozone 4
    "KeyStation1x1" = USB Keyboard Device 1.0.1.0
    "Lexmark 2300 Series" = Lexmark 2300 Series
    "live 8.0.1" = Live 8.0.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "microsoft .net framework 3.5 sp1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "miksoft mobile amr converter_is1" = MIKSOFT Mobile AMR converter
    "Minimonsta" = GForce - Minimonsta
    "MKVtoolnix" = MKVtoolnix 3.3.0
    "MobileOptionPack" =
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSI30a-KB884016" =
    "MSI30-Beta1" =
    "MSI30-Beta2" =
    "MSI30-KB884016" =
    "MSI30-RC1" =
    "MSI30-RC2" =
    "MSI31-Beta" =
    "MSI31-RC1" =
    "MSNINST" = MSN
    "Native Instruments FM8" = Native Instruments FM8
    "Native Instruments Massive" = Native Instruments Massive
    "Native Instruments Service Center" = Native Instruments Service Center
    "native instruments vokator" = Native Instruments Vokator
    "NetMeeting" =
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Oddity" = GForce - Oddity
    "OrangeVocoder_VST_2.02" = OrangeVocoder VST 2.02
    "OutlookExpress" =
    "PCHealth" =
    "Pixelformer" = Pixelformer
    "PunkBusterSvc" = PunkBuster Services
    "reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
    "Resource Tuner_is1" = Resource Tuner 1.99 R6
    "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    "Sandboxie" = Sandboxie 3.442
    "SchedulingAgent" =
    "Sonic Charge Synplant_is1" = Sonic Charge Synplant 1.0
    "SpeedFan" = SpeedFan (remove only)
    "SystemRequirementsLab" = System Requirements Lab
    "Tone2 FilterBank3_is1" = FilterBank v3.2
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
    "Wdf01000" =
    "Wdf01001" =
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "windows mobile device handbook" = Windows Mobile® Device Handbook
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMCSetup" =
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordPerfect Office 2002" = WordPerfect Office 2002
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XILS-lab polyKB VSTi RTAS_is1" = XILS-lab polyKB VSTi RTAS v1.0
    "xpsepsc" = XML Paper Specification Shared Components Pack 1.0
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2011-02-03 12:07:08 | Computer Name = TELETRAN | Source = Application Hang | ID = 1002
    Description = Hanging application Skin Creator.exe, version 2.3.1.342, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2011-02-03 19:48:50 | Computer Name = TELETRAN | Source = Application Error | ID = 1000
    Description = Faulting application skin creator.exe, version 2.3.1.342, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 2011-02-04 07:02:07 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 2011-02-04 07:02:12 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb977354,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 2011-02-05 07:00:24 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 2011-02-05 07:00:29 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb977354,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 2011-02-06 07:00:23 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 2011-02-06 07:00:28 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb977354,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 2011-02-07 07:00:34 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
    0.

    Error - 2011-02-07 07:00:40 | Computer Name = TELETRAN | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb977354,
    P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
    0.

    [ System Events ]
    Error - 2011-02-24 23:59:00 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:02:43 | Computer Name = TELETRAN | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 2011-02-25 00:02:59 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:02:59 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:02:59 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:02:59 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:03:09 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:03:09 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:22:29 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2011-02-25 00:22:39 | Computer Name = TELETRAN | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
    can be modified using the Component Services administrative tool.


    < End of report >
     
  11. 2011/02/24
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    OTL logfile created on: 2011-02-24 20:18:47 - Run 1
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Gideon\Desktop\hezb0ller
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.37 Gb Total Space | 10.93 Gb Free Space | 4.87% Space Free | Partition Type: NTFS
    Drive D: | 8.50 Gb Total Space | 0.77 Gb Free Space | 9.00% Space Free | Partition Type: FAT32
    Drive E: | 37.23 Gb Total Space | 37.12 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
    Drive F: | 488.45 Mb Total Space | 128.69 Mb Free Space | 26.35% Space Free | Partition Type: FAT
    Drive K: | 287.20 Gb Total Space | 55.79 Gb Free Space | 19.43% Space Free | Partition Type: NTFS
    Drive L: | 10.89 Gb Total Space | 7.70 Gb Free Space | 70.67% Space Free | Partition Type: NTFS

    Computer Name: TELETRAN | User Name: Gideon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-02-24 20:16:16 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gideon\Desktop\hezb0ller\OTL.exe
    PRC - [2010-09-07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010-04-17 02:56:06 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
    PRC - [2009-11-06 12:13:20 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    PRC - [2009-11-06 12:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
    PRC - [2009-07-20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009-07-10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008-09-14 15:29:52 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006-11-13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006-11-13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2006-03-30 13:58:14 | 000,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    PRC - [2006-03-30 13:54:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    PRC - [2006-03-30 13:54:18 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    PRC - [2006-03-01 11:44:38 | 000,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    PRC - [2006-02-06 23:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    PRC - [2005-09-09 16:24:16 | 000,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\SaiMfd.exe
    PRC - [2005-08-30 14:05:56 | 000,163,840 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\ProfilerU.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-02-24 20:16:16 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gideon\Desktop\hezb0ller\OTL.exe
    MOD - [2010-08-23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010-06-07 16:34:52 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
    MOD - [2010-06-02 23:48:04 | 002,308,200 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
    MOD - [2009-07-20 11:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2009-07-12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2006-08-16 10:23:42 | 000,086,016 | ---- | M] (M-Audio) -- C:\WINDOWS\system32\MA_CMIDN.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2010-09-07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010-09-07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010-09-07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010-04-17 02:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (nettcpportsharing)
    SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009-11-06 12:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2009-07-20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2009-02-16 16:39:00 | 002,736,890 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2008-08-08 20:24:06 | 000,258,048 | ---- | M] (KALiNKOsoft) [Auto | Stopped] -- C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
    SRV - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006-03-30 13:58:14 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2006-03-30 13:54:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2006-03-30 13:54:18 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2006-03-01 11:44:38 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
    SRV - [2006-02-06 23:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
    SRV - [2005-07-25 14:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-02-12 12:02:28 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2010-10-04 13:12:58 | 000,139,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2010-09-07 07:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010-09-07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010-09-07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010-09-07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010-09-07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010-09-07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-09-07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010-06-08 18:58:35 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
    DRV - [2010-06-08 18:58:35 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
    DRV - [2010-06-07 15:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010-05-11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
    DRV - [2010-04-17 02:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2009-09-28 01:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV - [2009-09-15 12:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
    DRV - [2009-08-22 10:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2009-06-17 08:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2009-06-17 08:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009-06-17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009-01-23 09:49:08 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2009-01-08 18:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DsAudioDevice_286.sys -- (dsaudiodevice_286)
    DRV - [2008-06-18 07:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (bvrpmpr5)
    DRV - [2008-06-16 15:28:18 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008-04-14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008-04-14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007-09-21 03:10:54 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2007-09-21 03:10:26 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2007-09-21 03:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007-08-28 16:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
    DRV - [2007-08-01 22:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2006-09-24 05:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006-08-16 10:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2006-07-01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006-04-17 00:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006-03-21 21:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006-03-21 21:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006-03-21 21:23:50 | 000,109,568 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
    DRV - [2006-03-16 02:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2005-12-08 13:53:06 | 000,004,608 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\ABIT-IO.sys -- (ABIT-IO)
    DRV - [2005-10-17 18:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2005-09-12 03:50:13 | 000,176,384 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH80C0.sys -- (SaiH80C0)
    DRV - [2005-09-09 08:08:28 | 000,035,200 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2005-09-09 08:08:24 | 000,013,824 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
    DRV - [2005-02-01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
    DRV - [2004-12-31 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (npptnt2)
    DRV - [2004-09-27 15:42:42 | 000,142,080 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\deltafw.sys -- (DELTAFW)
    DRV - [2004-04-14 10:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2004-04-14 10:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2004-04-14 10:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2004-04-14 10:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2004-04-01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [1996-04-03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    IE - HKU\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392
    IE - HKU\S-1-5-21-823518204-838170752-725345543-1004\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo "
    FF - prefs.js..browser.search.defaultthis.engineName: "Conduit Engine Customized Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms} "
    FF - prefs.js..browser.search.order.1: "Ask "
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163 "
    FF - prefs.js..browser.search.selectedEngine: "Conduit Engine Customized Web Search "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=&SearchSource=13 "
    FF - prefs.js..extensions.enabledItems: ar@dictionaries.addons.mozilla.org:2.0.20080110
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-01 21:42:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-24 21:08:54 | 000,000,000 | ---D | M]

    [2008-09-06 09:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Extensions
    [2011-02-24 08:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions
    [2009-08-24 09:41:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011-01-16 08:45:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011-01-08 09:00:40 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2010-12-05 18:14:33 | 000,000,000 | ---D | M] ( "DVDVideoSoft Menu ") -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2009-08-28 12:54:17 | 000,000,000 | ---D | M] (Arabic spell-checking dictionary) -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\ar@dictionaries.addons.mozilla.org
    [2011-01-08 09:00:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\extensions\engine@conduit.com
    [2009-07-20 17:56:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\searchplugins\ask.xml
    [2011-01-08 09:00:48 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\searchplugins\conduit.xml
    [2011-02-24 08:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008-06-16 16:09:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010-05-18 10:39:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-04-05 14:09:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010-04-12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011-02-24 17:41:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-823518204-838170752-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
    O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-823518204-838170752-725345543-1004..\Run: [DAEMON Tools Pro Agent] K:\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-823518204-838170752-725345543-1004..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-823518204-838170752-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-838170752-725345543-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-838170752-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Gideon\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
    O9 - Extra Button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
    O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (isInstalled Class)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.putfile.com/includes/ImageUploader4-5.cab (Image Uploader Control)
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007-05-06 17:10:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001-07-28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: Midi1 - C:\WINDOWS\System32\usbkt1x1.dll (Doug Fetter Software Wizardry)
    Drivers32: Midi2 - C:\WINDOWS\System32\MA_CMIDN.DLL (M-Audio)
    Drivers32: midi3 - C:\WINDOWS\System32\MA_CMIDN.DLL (M-Audio)
    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
     
  12. 2011/02/24
    Gideon

    Gideon Inactive Thread Starter

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (9222756310343221248)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-02-24 16:56:13 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011-02-22 08:01:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011-02-21 13:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2011-02-21 13:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2011-02-21 13:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2011-02-21 13:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2011-02-21 13:44:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2011-02-19 10:39:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-02-19 10:16:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-02-19 10:16:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-02-19 10:16:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-02-19 10:11:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-02-16 13:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\Desktop\hezb0ller
    [2011-02-14 21:18:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    [2011-02-14 20:58:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
    [2011-02-14 20:32:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    [2011-02-14 20:32:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    [2011-02-14 20:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
    [2011-02-13 17:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\XILS-lab
    [2011-02-13 14:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\D16 Group
    [2011-02-13 14:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\Start Menu\Programs\D16 Group
    [2011-02-12 12:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Addictive Drums
    [2011-02-12 12:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\My Documents\Addictive Drums
    [2011-02-12 12:02:28 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
    [2011-02-12 12:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\Application Data\DAEMON Tools Pro
    [2011-02-12 12:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
    [2011-02-12 11:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\(Default)
    [2011-02-12 11:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\reFX
    [2011-02-11 21:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Sylenth1
    [2011-02-11 21:03:13 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011-02-11 21:03:13 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011-02-11 21:03:13 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011-02-11 21:03:13 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011-02-11 21:03:13 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011-02-11 21:03:13 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011-02-11 21:03:13 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011-02-11 21:03:13 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011-02-11 21:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Pro Antivirus
    [2011-02-11 21:02:29 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011-02-11 21:02:28 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011-02-11 21:02:28 | 000,160,400 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gideon\Desktop\ashBase.dll
    [2011-02-11 21:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2011-02-11 19:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Sonic Charge
    [2011-02-11 19:56:20 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
    [2011-02-11 19:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GForce
    [2011-02-11 17:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Camel Audio
    [2011-02-11 14:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\Start Menu\Programs\Camel Audio Cameleon 5000 v1.7 VSTi
    [2011-02-11 14:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\My Documents\FXpansion
    [2011-02-11 13:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\Start Menu\Programs\u-he
    [2011-02-11 13:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\Application Data\iZotope
    [2011-02-11 13:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gideon\My Documents\iZotope Ozone 4 Presets
    [2011-02-11 13:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iZotope
    [2011-02-11 10:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Tone2 FilterBank3
    [2011-02-11 10:15:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011-02-11 10:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011-02-11 10:15:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011-02-11 10:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011-02-11 09:17:08 | 002,440,704 | ---- | C] (AD © 2010) -- C:\WINDOWS\System32\SYNSOEMU.DLL
    [2007-06-30 09:25:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Gideon\Application Data\pcouffin.sys
    [2006-01-07 21:59:35 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
    [2006-01-07 21:59:35 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
    [2006-01-07 21:59:35 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
    [2006-01-07 21:59:35 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
    [2006-01-07 21:59:34 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
    [2006-01-07 21:59:34 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
    [2006-01-07 21:59:33 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011-02-24 20:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011-02-24 20:06:27 | 000,466,512 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011-02-24 20:06:27 | 000,080,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011-02-24 20:03:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-02-24 20:02:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011-02-24 20:01:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-02-24 17:41:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-02-24 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TELETRAN-Gideon.job
    [2011-02-23 03:37:27 | 003,518,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-02-23 03:16:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011-02-21 13:47:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011-02-20 13:51:14 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Gideon\Desktop\Shortcut to taskmgr.lnk
    [2011-02-19 10:39:43 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2011-02-14 16:08:50 | 000,218,496 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011-02-14 16:08:50 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011-02-14 16:03:35 | 000,218,492 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011-02-14 16:03:32 | 000,000,015 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2011-02-13 17:36:35 | 000,001,378 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2011-02-12 12:02:28 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
    [2011-02-12 10:31:05 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Adobe PNG Format CS5 Prefs
    [2011-02-11 21:03:14 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Pro Antivirus.lnk
    [2011-02-11 21:03:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011-02-11 12:38:08 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
    [2011-02-11 12:38:08 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011-02-11 10:15:59 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-02-10 15:47:04 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Adobe BMP Format CS5 Prefs
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011-02-21 13:47:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2011-02-21 13:47:26 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2011-02-21 13:47:25 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2011-02-20 13:51:14 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Gideon\Desktop\Shortcut to taskmgr.lnk
    [2011-02-19 10:16:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-02-19 10:16:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-02-19 10:16:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-02-19 10:16:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-02-19 10:16:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-02-11 21:53:22 | 000,000,679 | ---- | C] () -- C:\Documents and Settings\Gideon\Minimonsta.vst.log
    [2011-02-11 21:46:31 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
    [2011-02-11 21:03:14 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Pro Antivirus.lnk
    [2011-02-11 14:47:31 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\minimp3.exe
    [2011-02-11 10:15:59 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-01-31 09:47:12 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\Adobe PNG Format CS5 Prefs
    [2011-01-12 14:16:21 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\Adobe BMP Format CS5 Prefs
    [2010-10-04 08:14:22 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\PnkBstrK.sys
    [2010-08-25 19:35:17 | 000,000,466 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
    [2010-04-17 18:20:11 | 000,001,378 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010-04-14 13:29:16 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\Gideon\Local Settings\Application Data\3769731055
    [2010-04-14 13:29:16 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\3769731055
    [2010-04-14 11:24:19 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\Gideon\Local Settings\Application Data\6Y5qPA2XU80
    [2010-04-14 11:24:19 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\6Y5qPA2XU80
    [2010-04-14 10:41:40 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
    [2010-04-12 19:54:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
    [2010-03-02 16:00:00 | 004,999,987 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2010-03-02 16:00:00 | 001,641,487 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2010-03-02 16:00:00 | 001,556,992 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2010-03-02 16:00:00 | 000,962,008 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2010-03-02 16:00:00 | 000,901,509 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010-03-02 16:00:00 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2010-03-02 16:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010-03-02 16:00:00 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2010-03-02 16:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2010-03-02 16:00:00 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2010-03-02 16:00:00 | 000,163,328 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010-03-02 16:00:00 | 000,153,502 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010-03-02 16:00:00 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2010-03-02 16:00:00 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2010-03-02 16:00:00 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2010-03-02 16:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2010-03-02 16:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009-11-14 10:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2009-11-14 10:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2009-11-14 10:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2009-11-14 10:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2009-11-14 10:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2009-11-14 10:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2009-11-14 10:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2009-11-14 10:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2009-11-14 10:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2009-11-14 10:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2009-09-02 10:58:19 | 000,139,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009-06-07 08:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-03-18 18:42:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\$_hpcst$.hpc
    [2009-01-10 14:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2008-11-06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008-10-15 02:01:49 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008-10-08 14:33:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2008-09-23 15:35:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
    [2008-09-23 15:35:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2008-09-23 15:35:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
    [2008-06-03 17:46:12 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
    [2008-03-17 17:28:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008-02-19 13:45:05 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\PFP100JPR.{PB
    [2008-02-19 13:45:05 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\PFP100JCM.{PB
    [2007-11-29 03:43:54 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
    [2007-11-29 03:43:54 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
    [2007-11-29 03:43:54 | 000,026,762 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll_compressed
    [2007-11-29 03:43:54 | 000,023,261 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll_compressed
    [2007-11-26 23:01:15 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Gideon\Local Settings\Application Data\fusioncache.dat
    [2007-11-06 01:46:31 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
    [2007-10-13 01:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2007-09-07 01:02:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2007-08-13 10:28:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
    [2007-08-08 09:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2007-07-06 09:29:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2007-07-06 09:28:30 | 000,000,366 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2007-06-30 09:25:24 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\pcouffin.log
    [2007-06-30 09:25:09 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\pcouffin.cat
    [2007-06-30 09:25:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\pcouffin.inf
    [2007-06-29 11:38:53 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\ABIT-IO.sys
    [2007-06-27 11:36:04 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Gideon\Application Data\AutoGK.ini
    [2007-06-03 08:04:40 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007-05-24 12:57:04 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Gideon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007-05-15 18:06:58 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
    [2007-05-06 20:42:44 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\SaiC80C0_0402.dll
    [2007-05-06 17:24:04 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
    [2007-05-06 09:54:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007-04-14 14:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2007-04-14 14:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2007-04-14 14:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2007-04-14 14:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2007-04-14 14:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2007-04-14 14:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2007-04-14 14:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2007-04-14 14:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2007-04-14 14:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2006-07-20 01:29:45 | 019,270,946 | ---- | C] () -- C:\Program Files\Themes.7z
    [2006-06-19 00:48:35 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2006-01-07 21:59:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
    [1996-04-03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2007-05-14 06:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
    [2011-02-11 21:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2007-11-19 20:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Borland
    [2011-02-12 12:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
    [2010-03-07 09:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts
    [2007-05-29 00:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\INAC
    [2009-09-01 19:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
    [2009-08-26 11:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    [2007-05-17 13:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
    [2007-05-06 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Propellerhead Software
    [2009-02-06 15:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RapidSolution
    [2011-01-12 13:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
    [2007-12-04 01:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
    [2010-04-14 10:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
    [2009-02-04 12:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
    [2007-12-04 04:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2008-10-08 13:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vkpsdedq
    [2011-02-14 20:32:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    [2011-02-14 20:32:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    [2011-02-14 20:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
    [2011-02-14 20:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
    [2011-02-14 21:18:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    [2009-07-20 18:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Ableton
    [2011-02-14 21:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\BitTorrent
    [2011-01-12 17:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010-12-09 16:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\cYo
    [2008-06-16 15:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\DAEMON Tools
    [2011-02-12 12:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\DAEMON Tools Pro
    [2010-12-05 18:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\DVDVideoSoftIEHelpers
    [2010-04-27 13:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\FileZilla
    [2011-02-11 14:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\FXpansion
    [2007-07-09 08:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\GetRightToGo
    [2007-12-05 10:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\GSC
    [2010-04-09 19:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\ImgBurn
    [2007-05-29 00:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\INAC
    [2007-05-17 13:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\InterTrust
    [2011-02-11 13:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\iZotope
    [2008-09-23 15:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\KALiNKOsoft
    [2007-09-13 03:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\LucasArts
    [2010-05-13 21:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\mkvtoolnix
    [2007-12-14 10:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\MSNInstaller
    [2009-09-01 19:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\PACE Anti-Piracy
    [2008-10-17 22:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Petroglyph
    [2007-05-06 18:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Propellerhead Software
    [2010-06-22 11:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\QuickScan
    [2007-05-29 00:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Registry Booster
    [2010-12-31 23:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Resource Tuner
    [2010-12-28 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Skin Creator Tool
    [2010-04-11 18:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Sony
    [2008-10-08 13:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\sp2
    [2011-01-12 21:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010-07-01 10:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\SystemRequirementsLab
    [2010-04-27 13:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Trillian
    [2010-04-05 08:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Ubisoft
    [2007-11-28 22:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Uniblue
    [2010-04-14 10:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Vso
    [2008-05-07 08:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-03-25 10:29:33 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2007-05-26 05:59:09 | 000,251,642 | ---- | M] () -- C:\AnalysisLog.sr0
    [2006-01-14 13:01:25 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2009-06-29 17:20:11 | 000,023,048 | ---- | M] () -- C:\ASLog.txt
    [2007-05-06 17:10:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010-04-17 12:13:01 | 000,000,057 | ---- | M] () -- C:\Avi2Dvd_Log.txt
    [2011-02-24 10:11:59 | 000,000,440 | ---- | M] () -- C:\blitzblank.log
    [2008-10-08 13:39:03 | 000,000,294 | ---- | M] () -- C:\Boot.bak
    [2011-02-19 10:39:43 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2007-12-01 17:34:25 | 000,000,155 | ---- | M] () -- C:\check.bat
    [2008-07-14 16:40:49 | 000,001,826 | ---- | M] () -- C:\cleanup.txt
    [2004-08-10 04:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011-02-24 17:44:38 | 000,460,713 | ---- | M] () -- C:\ComboFix.txt
    [2005-08-31 04:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009-07-02 12:30:46 | 000,000,698 | ---- | M] () -- C:\deltaStartup.log
    [2008-03-12 21:20:31 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
    [2006-07-17 03:03:08 | 000,000,075 | ---- | M] () -- C:\DXMenu1.ini
    [2005-08-31 04:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008-04-13 10:46:46 | 000,000,096 | ---- | M] () -- C:\ioSpecial.ini
    [2007-05-18 07:07:39 | 000,002,786 | ---- | M] () -- C:\LGSInst.Log
    [2006-08-14 22:00:06 | 000,000,004 | ---- | M] () -- C:\loadcounter.dat
    [2006-08-01 19:09:00 | 000,003,174 | ---- | M] () -- C:\log.txt
    [2010-12-27 16:05:05 | 000,005,061 | ---- | M] () -- C:\lxcg.log
    [2007-05-25 03:36:31 | 000,000,275 | ---- | M] () -- C:\lxcgfire.000
    [2010-06-08 19:50:16 | 000,000,275 | ---- | M] () -- C:\lxcgfire.csv
    [2007-05-25 03:36:53 | 000,000,867 | ---- | M] () -- C:\lxcginst.000
    [2010-06-08 19:50:34 | 000,000,867 | ---- | M] () -- C:\lxcginst.csv
    [2011-02-06 15:43:57 | 000,013,752 | ---- | M] () -- C:\lxcgscan.log
    [2006-07-21 20:00:23 | 000,000,104 | ---- | M] () -- C:\Matress Sites.txt
    [2005-08-31 04:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006-12-04 14:11:32 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
    [2004-08-04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011-02-21 13:47:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011-02-24 20:01:47 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2006-08-24 17:34:39 | 000,002,002 | -H-- | M] () -- C:\PANDA.RPT
    [2006-11-20 12:02:46 | 021,426,176 | ---- | M] (Native Instruments GmbH) -- C:\Reaktor5.exe
    [2008-07-12 20:10:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008-07-12 21:03:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008-07-12 21:40:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008-07-12 22:24:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008-07-13 20:42:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2008-07-14 16:17:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008-02-21 01:50:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008-02-21 04:42:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008-02-25 10:34:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008-02-26 01:50:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008-02-27 01:50:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008-03-31 14:29:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008-04-10 02:07:08 | 000,000,172 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008-04-10 17:14:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2008-04-10 17:18:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2008-04-11 11:56:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008-04-11 11:58:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2008-06-06 08:38:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2008-06-11 02:06:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2008-07-01 15:52:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2008-04-11 11:58:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008-06-06 08:38:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008-06-11 02:06:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008-07-01 15:52:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008-07-12 20:10:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2008-07-12 21:03:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008-07-12 21:40:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008-07-12 22:24:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008-07-13 20:42:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008-07-14 16:17:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008-02-21 01:50:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008-02-21 04:42:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008-02-25 10:34:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2008-02-26 01:50:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2008-02-27 01:50:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2008-03-31 14:29:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2008-04-10 02:07:08 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008-04-10 17:14:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2008-04-10 17:18:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2008-04-11 11:56:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2006-12-29 01:12:33 | 000,000,022 | ---- | M] () -- C:\t.rar
    [2006-07-20 01:55:35 | 000,066,498 | ---- | M] () -- C:\tv3d_debug.txt
    [2001-11-05 07:30:50 | 000,165,376 | ---- | M] () -- C:\UNWISE.EXE
    [2008-04-26 08:34:54 | 000,021,824 | ---- | M] () -- C:\what's me without you 1.cpr
    [2008-04-23 15:37:31 | 000,019,301 | ---- | M] () -- C:\what's me without you.cpr
    [2006-08-03 01:24:35 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006-06-29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006-04-18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007-05-06 17:09:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005-08-16 23:53:52 | 000,073,728 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcgpp5c.dll
    [2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008-07-06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2009-04-16 10:49:43 | 000,179,747 | ---- | M] () -- C:\WINDOWS\system32\Nikky.JPG

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010-09-07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010-05-06 19:25:59 | 000,001,618 | -H-- | M] () -- C:\Documents and Settings\Gideon\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2006-07-20 01:35:30 | 019,270,946 | ---- | M] () -- C:\Program Files\Themes.7z
    [2006-07-20 01:41:24 | 000,008,192 | -HS- | M] () -- C:\Program Files\Thumbs.db
    [2006-06-19 00:48:35 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007-05-06 09:50:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007-05-06 09:50:35 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007-05-06 09:50:35 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011-02-21 19:16:29 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007-05-06 17:16:12 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Gideon\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007-05-06 17:16:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009-09-05 23:32:38 | 2067,515,943 | ---- | M] () -- C:\Documents and Settings\Gideon\Desktop\BF2_Patch_1.50.exe
    [2009-11-16 08:34:47 | 003,004,832 | ---- | M] () -- C:\Documents and Settings\Gideon\Desktop\BitTorrent-6.3.exe
    [2010-04-27 13:28:44 | 001,412,147 | ---- | M] (Counter-Ztrike ) -- C:\Documents and Settings\Gideon\Desktop\Bullet Proof FTP Server SETUP.exe
    [2009-09-01 18:06:49 | 006,674,216 | ---- | M] (Electronic Arts, Inc.) -- C:\Documents and Settings\Gideon\Desktop\eadm-installer.exe
    [2005-12-12 08:37:38 | 000,413,696 | ---- | M] ((c) International Net Applications Corp ) -- C:\Documents and Settings\Gideon\Desktop\StartupManager.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007-12-02 01:36:11 | 000,000,135 | -H-- | M] () -- C:\Documents and Settings\Gideon\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >
    [2010-09-27 19:34:52 | 009,822,208 | ---- | M] () -- C:\Program Files\Mozilla Firefox\autorun.dat

    < %USERPROFILE%\Cookies\*.txt /x >
    [2008-05-12 07:31:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Gideon\Cookies\desktop.ini
    [2011-02-24 20:18:13 | 000,360,448 | -HS- | M] () -- C:\Documents and Settings\Gideon\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007-06-26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2010-04-17 18:19:57 | 000,670,880 | ---- | M] (tzuk) -- C:\WINDOWS\Installer\SandboxieInstall32.exe
    [18 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008-04-14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-04 07:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-04 07:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008-05-02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008-04-13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008-04-14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004-08-04 07:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-08-04 07:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-08-04 07:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007-05-22 11:37:46 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004-08-04 07:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: KBDCLASS.SYS >
    [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\Gideon\Desktop\hezb0ller\New Folder (2)\i386\sp3.cab:kbdclass.sys
    [2004-08-04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
    [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
    [2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
    [2008-04-14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ERDNT\cache\kbdclass.sys
    [2008-04-14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
    [2008-04-13 10:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
    [2008-04-14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\system32\drivers\kbdclass.sys
    [2004-08-03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 1262 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:L4VdYUdYqRgjTI58LNmIAoL
    @Alternate Data Stream - 1228 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:VtwdgF3OOURQiApdcmZp

    < End of report >
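The "MD5 for: KBDCLASS.SYS" block in the log above lists every copy of the driver OTL found, with an MD5 for each copy it could read directly (members of .cab archives get no hash). The check an analyst actually performs on such a block is to compare the loaded driver's hash against the pristine copies Windows keeps for repair. The Python script below is an added example, not OTL's code and not part of this thread; it parses lines in OTL's file-listing format and makes that comparison. Its sample input is copied from the log lines above (marked as constructed in the code), and the directory classification it uses (system32\drivers as the live copy; ServicePackFiles, ERDNT\cache and dllcache as reference copies) and the status labels it returns are the example's own assumptions, not anything OTL reports.

```python
import re
from collections import defaultdict

# Constructed sample input: the "MD5 for: KBDCLASS.SYS" lines from the OTL log in this thread.
SAMPLE = r"""
[2008-04-14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2008-04-14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ERDNT\cache\kbdclass.sys
[2008-04-14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2008-04-13 10:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[2008-04-14 00:09:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2004-08-03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys
"""

# One OTL file line: [mtime | size | attrs | flag] (vendor) <MD5=... or ".cab file"> -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<flag>\S)\]"
    r"\s*\((?P<vendor>[^)]*)\)\s*(?P<middle>.*?)\s*--\s*(?P<path>.+?)\s*$"
)
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32})")

# Directory classification is an assumption of this example, not OTL output:
# the loaded driver lives under system32\drivers; Windows keeps pristine
# copies for repair under ServicePackFiles, ERDNT\cache and dllcache.
LIVE_DIR = "\\system32\\drivers\\"
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\erdnt\\cache\\", "\\system32\\dllcache\\")


def parse_md5_block(text):
    """Parse an OTL 'MD5 for:' block into dicts; .cab members carry no hash."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue  # tolerate the section header, blank lines and anything unparseable
        md5 = MD5_RE.search(m.group("middle"))
        entries.append({
            "mtime": m.group("mtime").strip(),
            "size": int(m.group("size").replace(",", "")),
            "vendor": m.group("vendor").strip(),   # version-info string, trivially forgeable
            "md5": md5.group(1).upper() if md5 else None,
            "path": m.group("path"),
            "in_cab": ".cab:" in m.group("path").lower(),
        })
    return entries


def check_live_driver(entries, live_dir=LIVE_DIR, reference_dirs=REFERENCE_DIRS):
    """Compare the live driver's MD5 with the repair copies; status labels are this example's own."""
    hashed = [e for e in entries if e["md5"]]
    live = [e for e in hashed if live_dir in e["path"].lower()]
    refs = [e for e in hashed if any(d in e["path"].lower() for d in reference_dirs)]
    by_hash = defaultdict(list)
    for e in hashed:
        by_hash[e["md5"]].append(e["path"])
    if not live:
        return {"status": "no-live-copy", "live_md5": None, "live_vendor": None,
                "matching_refs": [], "differing_refs": [], "hash_groups": dict(by_hash)}
    live = live[0]
    matching = [r["path"] for r in refs if r["md5"] == live["md5"]]
    differing = [r["path"] for r in refs if r["md5"] != live["md5"]]
    if differing:
        status = "mismatch"      # live copy differs from at least one repair copy: investigate
    elif matching:
        status = "consistent"    # identical to every repair copy that had a hash
    else:
        status = "unverified"    # no repair copy with a hash to compare against
    return {"status": status, "live_md5": live["md5"], "live_vendor": live["vendor"],
            "matching_refs": matching, "differing_refs": differing, "hash_groups": dict(by_hash)}


if __name__ == "__main__":
    report = check_live_driver(parse_md5_block(SAMPLE))
    print("live driver:", report["live_md5"], "->", report["status"])
    for digest, paths in report["hash_groups"].items():
        print(digest, "seen in", len(paths), "location(s)")
```

On this log the result is "consistent": the driver in system32\drivers is byte-identical to the ServicePackFiles and ERDNT\cache copies, and the only different hash is the pre-SP3 file kept under $NtServicePackUninstall$, which is expected. That is the basis on which the thread stops treating kbdclass.sys as the culprit. A "mismatch" is a prompt to investigate, not a verdict: a hotfix can legitimately replace a driver, and MD5 is collision-prone, so confirm against a known-good catalogue rather than relying on the hash alone.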
     
  13. 2011/02/24
    broni Moderator Malware Analyst
    Is Avast complaining about kbdclass.sys file in this location: C:\WINDOWS\system32\drivers\kbdclass.sys?
    Right now, the file is still there somehow.
     
  14. 2011/02/24
    Gideon Inactive Thread Starter
    Avast has about 40 instances of it in the virus chest, however when I look at the file location it appears to be there. I don't get any warnings about it or. I wasn't sure if I should delete it from the virus chest or not.
     
  15. 2011/02/24
    broni Moderator Malware Analyst
    Well, at this point, it looks like your keyboard issue is not caused by that particular driver.
    Are you still getting the Avast warning on bootup?
    You answer the above question and I'll take a look at your OTL log.
     
  16. 2011/02/24
    broni Moderator Malware Analyst
    You're running VERY low on C drive free space:
    ====================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultthis.engineName:  "Conduit Engine Customized Web Search "
      FF - prefs.js..browser.search.defaulturl:  "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms} "
      FF - prefs.js..browser.search.order.1:  "Ask "
      FF - prefs.js..browser.search.selectedEngine:  "Conduit Engine Customized Web Search "
      FF - prefs.js..browser.startup.homepage:  "http://search.conduit.com/?ctid=&SearchSource=13 "
      FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
      [2009-07-20 17:56:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\searchplugins\ask.xml
      [2011-01-08 09:00:48 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\searchplugins\conduit.xml
      O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
      O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab (Reg Error: Key error.)
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/Driver...sysreqlab2.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2010-04-14 13:29:16 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\Gideon\Local Settings\Application Data\3769731055
      [2010-04-14 13:29:16 | 000,016,484 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\3769731055
      [2010-04-14 11:24:19 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\Gideon\Local Settings\Application Data\6Y5qPA2XU80
      [2010-04-14 11:24:19 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\6Y5qPA2XU80
      [2007-05-29 00:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Registry Booster
      [2007-11-28 22:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gideon\Application Data\Uniblue
      @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 1262 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:L4VdYUdYqRgjTI58LNmIAoL
      @Alternate Data Stream - 1228 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:VtwdgF3OOURQiApdcmZp
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  17. 2011/02/24
    Gideon Inactive Thread Starter
    Definitely not getting the Avast warning on bootup. As a matter of fact, the day I started having this issue I got one warning; I was half asleep, so I opted to quarantine, and since then I haven't received that warning again, or a keyboard.
     
  18. 2011/02/24
    broni Moderator Malware Analyst
    OK then....go on....
     
  19. 2011/02/25
    Gideon Inactive Thread Starter
    All processes killed
    ========== OTL ==========
    Prefs.js: "Conduit Engine Customized Web Search" removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "Ask" removed from browser.search.order.1
    Prefs.js: "Conduit Engine Customized Web Search" removed from browser.search.selectedEngine
    Prefs.js: "http://search.conduit.com/?ctid=&SearchSource=13" removed from browser.startup.homepage
    Prefs.js: engine@conduit.com:3.2.3.3 removed from extensions.enabledItems
    C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\searchplugins\ask.xml moved successfully.
    C:\Documents and Settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\searchplugins\conduit.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
    C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
    Starting removal of ActiveX control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\ not found.
    C:\WINDOWS\000001_.tmp deleted successfully.
    C:\WINDOWS\002985_.tmp deleted successfully.
    C:\Documents and Settings\Gideon\Local Settings\Application Data\3769731055 moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\3769731055 moved successfully.
    C:\Documents and Settings\Gideon\Local Settings\Application Data\6Y5qPA2XU80 moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\6Y5qPA2XU80 moved successfully.
    C:\Documents and Settings\Gideon\Application Data\Registry Booster folder moved successfully.
    C:\Documents and Settings\Gideon\Application Data\Uniblue\Registry Booster2 folder moved successfully.
    C:\Documents and Settings\Gideon\Application Data\Uniblue folder moved successfully.
    ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF deleted successfully.
    ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:L4VdYUdYqRgjTI58LNmIAoL deleted successfully.
    ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:VtwdgF3OOURQiApdcmZp deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator.TELETRAN-A40479
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users.WINDOWS

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gideon
    ->Temp folder emptied: 11429801 bytes
    ->Temporary Internet Files folder emptied: 107794 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 94165502 bytes
    ->Google Chrome cache emptied: 6093923 bytes
    ->Flash cache emptied: 3461 bytes

    User: HP_Administrator

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: PAT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 87631 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 187178 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 107.00 mb


    [EMPTYFLASH]

    User: Administrator.TELETRAN-A40479
    ->Flash cache emptied: 0 bytes

    User: All Users.WINDOWS

    User: Default User.WINDOWS
    ->Flash cache emptied: 0 bytes

    User: Gideon
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator

    User: LocalService.NT AUTHORITY
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Flash cache emptied: 0 bytes

    User: PAT

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.21.0 log created on 02252011_201744

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  20. 2011/02/25
    Gideon Inactive Thread Starter
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Pro Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ``````````End of Log````````````
     
  21. 2011/02/25
    Gideon Inactive Thread Starter
    Running online scan now...
     
