
Solved Virus Problem (Black Internet rootkit)

Discussion in 'Malware and Virus Removal Archive' started by Pete, 2010/06/20.

  1. 2010/06/23
    broni (Moderator, Malware Analyst)

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pete\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  2. 2010/06/23
    Pete (Inactive, Thread Starter)

    Notes:

    My PC seems to have gotten worse over the days; it's running slow and I am getting more popups, such as asking me to make IE the default browser, etc.

    Anyways, I tried the scan with the code pasted in.
    After I clicked quick fix, I've seen "killing processes".
    A message showed up that my system was shutting down in 1 minute; services.exe was terminated and it said error code 1.
    The scan was still running and I believe it did not finish.
    After restart, this .txt file was produced:

    "
    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot... "


    I tried again (the computer was really slow after it restarted).

    Same dialog showed up with 1 minute to shutdown.
    During the scan, I saw a dialog from Avast! showing no action required and that services.exe was stopped from starting up.
    Just before the timer ran out, I saw that OTL had finished and wanted to reboot; I hit OK. Shutting down... saving settings... PC froze here.

    Forced reboot; after it restarted, OTL brought up this .txt file:

    "All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Pete
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3470579 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 62031 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402044 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 115449 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 89067534 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 91.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Pete
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.1 log created on 06232010_212753

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T3XNIF5O\iframe3[4].htm moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T3XNIF5O\st[6] moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6Q5VGWNI\iframe3[2].htm moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6Q5VGWNI\st[4] moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6Q5VGWNI\st[5] moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6Q5VGWNI\st[6] moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6Q5VGWNI\st[7] moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\22EVE83Z\afr[1].htm moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\22EVE83Z\st[5] moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1WYKT15R\iframe3[4].htm moved successfully.

    Registry entries deleted on Reboot...
    "
     


  4. 2010/06/23
    broni (Moderator, Malware Analyst)

    .....
     
  5. 2010/06/23
    Pete (Inactive, Thread Starter)

    Of course, I was just going to, lol

    Quick scan log:


    OTL logfile created on: 6/23/2010 9:48:11 PM - Run 2
    OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Pete\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): D:\pagefile.sys 3072 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 50.00 Gb Total Space | 10.30 Gb Free Space | 20.59% Space Free | Partition Type: NTFS
    Drive D: | 61.78 Gb Total Space | 35.34 Gb Free Space | 57.20% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ----------
    Current User Name: Pete
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
    PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
    PRC - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    PRC - [2009/06/26 15:56:20 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/19 18:59:40 | 000,653,128 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFx.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    MOD - [2008/04/14 08:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/02/01 14:46:20 | 000,035,144 | ---- | M] ( ) -- C:\Program Files\Stardock\CursorFX\CurXP0.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/30 20:02:09 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010/02/25 05:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/12/03 19:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/25 11:16:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/25 16:11:28 | 001,533,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2007/11/13 12:43:00 | 000,580,608 | ---- | M] (PY Software) [Disabled | Stopped] -- C:\Program Files\Active WebCam\Watchdog.exe -- (ACTIVEWEBCAMWATCHDOG)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/18 15:32:50 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/12/29 13:42:49 | 000,139,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2009/12/03 04:49:10 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/06/17 14:21:27 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/06/05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/05/01 01:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/05/12 23:06:44 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 01:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/10 20:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/06/07 20:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
    DRV - [2007/05/23 17:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/31 16:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)
    DRV - [2007/03/31 16:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2007/03/23 13:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/03/23 13:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2007/03/23 13:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/03/23 13:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/03/23 13:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2007/03/05 13:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/01/30 15:12:06 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 1E F6 59 3B DB C9 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com/ncr "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.26
    FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.4.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
    FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9
    FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
    FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3
    FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
    FF - prefs.js..extensions.enabledItems: {6E1A2A2E-AE2A-4A26-A812-46F54288379E}:3.6.0
    FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.030
    FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.6.1
    FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5
    FF - prefs.js..extensions.enabledItems: {20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.13
    FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
    FF - prefs.js..extensions.enabledItems: {12bc3590-67a6-11de-8a39-0800200c9a66}:3.6
    FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
    FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
    FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
    FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
    FF - prefs.js..extensions.enabledItems: devious_green@firefox.theme:0.08
    FF - prefs.js..extensions.enabledItems: {13b4437e-b706-11dc-8314-0800200c9a66}:1.36.20100303
    FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.3
    FF - prefs.js..extensions.enabledItems: {251297d0-6e53-11de-8a39-0800200c9a66}:3.6.15.02.10
    FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 19:11:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 21:12:35 | 000,000,000 | ---D | M]

    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions
    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2010/02/22 19:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/23 21:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions
    [2010/03/30 19:50:00 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
    [2010/06/16 16:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/30 17:28:39 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
    [2010/03/30 19:50:18 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (Eclipse) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
    [2010/06/19 20:11:16 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/03/30 20:28:53 | 000,000,000 | ---D | M] (Utopia FFSE White) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
    [2010/03/30 20:28:47 | 000,000,000 | ---D | M] (Extero 2) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{251297d0-6e53-11de-8a39-0800200c9a66}
    [2010/05/23 21:13:02 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2010/01/24 01:05:24 | 000,000,000 | ---D | M] (Full Flat) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
    [2010/03/30 19:50:22 | 000,000,000 | ---D | M] (FennecFox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
    [2010/03/30 19:50:07 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
    [2010/06/22 18:57:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/02/19 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    [2010/02/10 14:07:08 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
    [2010/05/01 10:50:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/18 15:14:23 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
    [2010/03/12 20:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2010/05/11 08:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxe@Triton
    [2010/05/11 08:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxHelper@Triton
    [2010/03/30 19:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\chromifox@altmusictv.com
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme
    [2010/03/30 20:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010/02/19 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Foxdie@tanjihay.com
    [2010/02/19 21:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\FoxdieGraphite@tanjihay.com
    [2010/03/30 20:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\glaze_black@www.theme-oasis.org
    [2010/02/19 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\navertheme@nhncorp.com
    [2010/02/19 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\redshift_V2@shift-themes.com
    [2010/01/21 01:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\rein@notiz.jp
    [2010/04/16 08:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermel@pardal.de
    [2010/04/16 08:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermelxt@pardal.de
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au
    [2010/06/22 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\youtube2mp3@mondayx.de
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensionsO
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme\mozapps\extensions
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
    [2009/11/09 18:57:15 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\searchplugins\winamp-search.xml
    [2010/06/23 21:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/23 21:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/23 21:09:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

    O1 HOSTS File: ([2010/06/23 21:28:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
    O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
    O4 - Startup: C:\Documents and Settings\Pete\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266743745718 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259328307765 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/22 05:18:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/23 21:28:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/06/23 21:23:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/23 21:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/23 04:09:47 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/23 04:05:13 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/20 21:34:28 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/20 21:34:28 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/20 21:34:28 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/20 21:34:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/20 21:34:28 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/20 21:34:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/20 21:34:28 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/20 21:34:17 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/20 21:34:17 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/06/20 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/19 22:23:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pete\Recent
    [2010/06/19 21:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Deployment
    [2010/06/18 15:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Malwarebytes
    [2010/06/18 15:37:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/18 15:37:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/18 15:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/17 17:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Painkiller Resurrection
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTorrent 1.0
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2010/05/28 00:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\vlc
    [2010/05/27 21:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2010/05/27 21:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2010/05/26 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2010/05/13 01:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2010/04/28 23:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
    [2010/04/18 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/18 13:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/04/18 12:32:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/04/18 12:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/04/18 12:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution.old
    [2010/04/18 12:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
    [2010/03/30 20:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
    [2010/03/30 19:39:15 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2010/03/30 19:39:15 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2010/03/30 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
    [2010/03/26 00:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\ImgBurn

    ========== Files - Modified Within 90 Days ==========

    [2010/06/23 21:42:26 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 21:42:26 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/23 21:42:26 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/23 21:39:29 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/06/23 21:39:20 | 000,230,258 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/06/23 21:37:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/23 21:37:47 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/23 21:35:02 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\Pete\ntuser.dat
    [2010/06/23 21:35:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pete\ntuser.ini
    [2010/06/23 21:28:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/22 01:19:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/20 22:30:01 | 000,158,243 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/20 21:34:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:08:31 | 000,000,250 | ---- | M] () -- C:\WINDOWS\BissHM.ini
    [2010/06/20 12:08:25 | 000,000,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-121323.backup
    [2010/06/20 12:02:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 19:58:26 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/19 19:58:26 | 000,000,460 | RHS- | M] () -- C:\boot.ini
    [2010/06/18 17:22:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/18 17:14:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/18 15:34:38 | 002,742,748 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153531.backup
    [2010/06/17 18:29:44 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/06/16 15:08:51 | 000,078,612 | ---- | M] () -- C:\ReactorException.dmp
    [2010/06/15 19:31:35 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153438.backup
    [2010/06/15 00:45:01 | 002,647,070 | -H-- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\IconCache.db
    [2010/06/14 23:08:41 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/06/11 00:50:08 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-193135.backup
    [2010/06/11 00:10:51 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/31 19:49:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/05/27 21:43:55 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Rosetta Stone Version 3.lnk
    [2010/05/26 19:16:33 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2010/05/20 08:46:48 | 002,729,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100611-005008.backup
    [2010/05/15 11:53:36 | 002,729,515 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-084648.backup
    [2010/05/06 17:07:48 | 002,727,447 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100515-115336.backup
    [2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 23:34:29 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/26 13:03:37 | 002,727,087 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-170748.backup
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
    [2010/04/18 14:03:13 | 002,726,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100426-130337.backup
    [2010/04/08 19:24:36 | 000,095,800 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/31 13:02:38 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/30 23:07:09 | 002,715,341 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-140312.backup
    [2010/03/26 00:52:16 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/03/26 00:52:16 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk

    ========== Files Created - No Company Name ==========

    [2010/06/20 22:26:41 | 000,158,243 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:02:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 21:30:42 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/18 04:40:28 | 000,198,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/31 19:49:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/04/28 23:34:29 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
    [2010/04/05 00:24:12 | 000,078,612 | ---- | C] () -- C:\ReactorException.dmp
    [2010/03/26 00:52:16 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/03/26 00:52:16 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
    [2009/12/07 02:10:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/07 02:10:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/07 02:10:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/07 02:10:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/07 02:10:41 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/07 02:10:41 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/10/29 16:59:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2009/10/27 12:45:30 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BissHM.ini
    [2009/08/10 12:35:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/01 01:18:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/06/25 17:20:28 | 000,139,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009/05/22 17:40:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2009/05/01 03:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/05/01 03:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/01 03:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/05/01 03:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/10/07 12:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 12:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2007/05/17 17:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/05/17 17:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/02/17 15:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 15:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/10/18 15:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/06/20 21:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/12/03 04:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/05/27 21:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    [2010/05/27 21:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2009/07/07 01:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2010/06/17 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/02 21:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
    [2010/03/30 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2009/06/02 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\5600-6600 Series
    [2010/05/26 19:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2009/06/16 23:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Pro
    [2010/03/26 01:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\ImgBurn
    [2009/09/25 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Lexmark Productivity Studio
    [2010/04/07 06:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\LimeWire
    [2010/05/31 19:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2009/12/13 10:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\SystemRequirementsLab
    [2010/04/29 20:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TeamViewer
    [2009/05/24 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TuneUp Software
    [2010/06/19 22:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\uTorrent
    [2009/12/03 04:29:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========


    < End of report >
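As an added example (not part of the thread and not a tool from OTL's author), here is a Python parser for the OTL report format shown above, with three of the triage queries a helper runs over such a log: kernel drivers listed without a company name, O4 Run autostart entries, and hosts-file mappings other than localhost. The SAMPLE_LOG is a constructed excerpt in the same line format, not the full report.

```python
"""Parse OTL report lines into records and run a few triage queries over them.
Added example; SAMPLE_LOG is a constructed excerpt in OTL's line format."""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample, shaped like the sections of the report above.
SAMPLE_LOG = r"""
========== Standard Registry (SafeList) ==========
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/23 04:05:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/06/20 21:34:28 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/18 15:37:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010/06/19 21:30:42 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/29 16:59:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/06/25 17:20:28 | 000,139,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# [date time | size | attrs | C/M] (Company) -- path ; "(Company)" is absent for directories, "()" if unknown
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$")
OLINE_RE = re.compile(r"^(?P<code>O\d+)(?: - )?(?P<body>.+)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\.\.\\Run: \[(.+?)\] (.+?)(?: \((.*)\))?$")


@dataclass
class FileEntry:
    section: str
    timestamp: datetime
    size: int
    attrs: str      # e.g. "-HS-" hidden+system, "---D" directory
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed "()" or no company at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_size(text: str) -> int:
    # OTL groups digits oddly ("2145,427,456"), so just drop the commas.
    return int(text.replace(",", ""))


def parse_otl(text: str):
    """Return (files, olines): FileEntry records for the file sections and
    (section, code, body) tuples for the registry 'O' items."""
    files, olines, section = [], [], ""
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := FILE_RE.match(line):
            files.append(FileEntry(section, datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                                   parse_size(m["size"]), m["attrs"], m["kind"],
                                   m["company"] or "", m["path"]))
        elif m := OLINE_RE.match(line):
            olines.append((section, m["code"], m["body"].strip()))
    return files, olines


def unattributed_drivers(files):
    """Kernel drivers (*.sys under \\drivers\\) with no company name: the entries a
    helper checks first, since legitimate drivers normally carry a company name."""
    return [f for f in files if not f.is_dir and not f.company
            and f.path.lower().endswith(".sys") and "\\drivers\\" in f.path.lower()]


def run_keys(olines):
    """(hive, value name, command) for every O4 Run autostart entry."""
    return [(m.group(1), m.group(2), m.group(3))
            for _, code, body in olines if code == "O4" and (m := RUN_RE.match(body))]


def unexpected_hosts(olines):
    """O1 Hosts mappings for anything other than localhost (redirect check)."""
    out = []
    for _, code, body in olines:
        if code == "O1" and body.startswith("Hosts: "):
            ip, _, name = body[len("Hosts: "):].partition(" ")
            if name != "localhost":
                out.append((ip, name))
    return out


if __name__ == "__main__":
    files, olines = parse_otl(SAMPLE_LOG)
    for f in unattributed_drivers(files):
        print(f"no company name: {f.path} ({f.size} bytes, created {f.timestamp:%Y-%m-%d})")
    for hive, name, cmd in run_keys(olines):
        print(f"autostart {hive}\\Run [{name}] -> {cmd}")
    print("non-localhost hosts entries:", unexpected_hosts(olines) or "none")
```

Paste a full OTL.Txt into parse_otl to run the same queries over a real report; entries in the No Company Name list are only a starting point for review, not a verdict.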
     
  6. 2010/06/23
    broni (Moderator Malware Analyst)
    What exact kind of pop-ups are you getting?

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  7. 2010/06/23
    Pete (Thread Starter)
    Thank you for your prompt reply.

    I am getting pop-ups such as IE dialogs asking me to make sure that IE is the default browser; on some rare occasions I get "PC is infected etc. Continue with online scan." or some recommendation for certain antivirus programs.

    Usually it's just blank pop-ups or error loading pages in IE, or ads such as WoW, Xbox360, health ads, pharmacy discounts, and on one occasion it was a "lottery application for US Citizenship".
    Some ads have sound, and it plays an entire clip which I can't stop unless I kill all iexplore.exe processes.

    I will follow your instructions and post with updates as soon as possible.
     
  8. 2010/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  9. 2010/06/23
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Update from TFC :

    As soon as I hit start, I got the same message about System shutting down,
    It went something like, Shutdown initiated by NT Authority/ System

    System process C:/Windows/system32/services.exe unexpectedly terminated with status code 1

    The process did finish and dialog box showed up to restart.

    I'm going to run Kaspersky online scan and I will post with updates. :)
     
  10. 2010/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hold on...
    If you started Kaspersky, that's fine. If not, run this instead of TFC...
    If you already started Kaspersky, run the tool listed below afterward...

    Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.
     
  11. 2010/06/23
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Ran ATF Cleaner.

    I forgot to mention, Sometimes dialog boxes like this pop up :

    "Are you sure you want to navigate away from this page ?

    -----------------------------------

    WAIT ! before you leave CLICK CANCEL for you FREE DELL LAPTOP

    CLICK CANCEL BELOW

    ------------------------------------------------

    Press OK to continue or CANCEL to stay on the current page "

    and other pop ups like these.

    Running Kaspersky online now ... will post after finished.
     
  12. 2010/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That kind of pop-up happens to everyone. Some web pages employ that kind of nag.
     
  13. 2010/06/24
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Kaspersky Results :

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, June 24, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, June 23, 2010 21:46:55
    Records in database: 4314567
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 103474
    Threats found: 5
    Infected objects found: 8
    Suspicious objects found: 0
    Scan duration: 02:46:30


    File name / Threat / Threats count
    C:\Program Files\Bluetack\Blocklist Manager\Tools\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    C:\Program Files\FlashMute\uninstall.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ih 1
    D:\Setup Files\Internet\Safe Peer\Blocklist Manager\Blocklist_Manager_Install_2.7.7.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
    D:\Setup Files\Utilities\Active WebCam 9.9\Active WebCam v9.9 Patch\Keygen.exe Infected: Trojan-GameThief.Win32.OnLineGames.sfbl 1
    D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.g 1
    D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 1
    D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\Windows WGA Patcher Permanent Kit.rar Infected: not-a-virus:pSWTool.Win32.RAS.g 1
    D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\Windows WGA Patcher Permanent Kit.rar Infected: not-a-virus:pSWTool.Win32.RAS.a 1

    Selected area has been scanned.
     
  14. 2010/06/24
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Yes, they happen randomly, and the IE browser is not even open (but it's still running in Processes).
     
  15. 2010/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, we have a problem...
    I can see this in the Kaspersky scan:
    It makes me believe, you're running bootleg Windows...
     
  16. 2010/06/24
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    My Windows is genuine.


    I've always had a bootleg copy on my hard drive just in case,
    and I'm sure that is not the cause of my virus.
     
  17. 2010/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Bluetack\Blocklist Manager\Tools\ipscan.exe 
      C:\Program Files\FlashMute\uninstall.exe 
      D:\Setup Files\Internet\Safe Peer\Blocklist Manager\Blocklist_Manager_Install_2.7.7.exe 
      D:\Setup Files\Utilities\Active WebCam 9.9\Active WebCam v9.9 Patch\Keygen.exe 
      D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe 
      D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe 
      D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\Windows WGA Patcher Permanent Kit.rar 
      D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\Windows WGA Patcher Permanent Kit.rar
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  18. 2010/06/24
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Results from OTL "run fix" :

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Bluetack\Blocklist Manager\Tools\ipscan.exe moved successfully.
    C:\Program Files\FlashMute\uninstall.exe moved successfully.
    D:\Setup Files\Internet\Safe Peer\Blocklist Manager\Blocklist_Manager_Install_2.7.7.exe moved successfully.
    D:\Setup Files\Utilities\Active WebCam 9.9\Active WebCam v9.9 Patch\Keygen.exe moved successfully.
    D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe moved successfully.
    File\Folder D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe not found.
    D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\Windows WGA Patcher Permanent Kit.rar moved successfully.
    File\Folder D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\Windows WGA Patcher Permanent Kit.rar not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Pete
    ->Temp folder emptied: 110534901 bytes
    ->Temporary Internet Files folder emptied: 522334 bytes
    ->Java cache emptied: 666926 bytes
    ->FireFox cache emptied: 41952111 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1893 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2149026 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 51762352 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 198.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Pete
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.1 log created on 06242010_193710

    Files\Folders moved on Reboot...
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L2ON2TL4\ad[1].htm moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L2ON2TL4\st[9] moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LYXULU\reduxentertainmentUSCA160x600[1].htm moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RQKQ7BP\ad[1].htm moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RQKQ7BP\iframe3[5].htm moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RQKQ7BP\stCA03I65E moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RQKQ7BP\stCA1MJDT1 moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RQKQ7BP\stCAV25CKD moved successfully.
    C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1RQKQ7BP\stCAVZMC2B moved successfully.

    Registry entries deleted on Reboot...
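The fix in post 17 is built by hand from the Kaspersky report in post 13: every path the scanner flagged goes under `:Files`, and the Run Fix log above shows the cost of copying the report verbatim, namely that `keyfinder.exe` and the `.rar` appear twice (once per detection name), so the second move of each reports "not found". The following is an added example, not code from the thread, OTL or Kaspersky, that parses the report format shown in post 13, deduplicates the paths, and emits an OTL fix script with the same `:Commands` block broni used. The report text is a constructed sample modelled on the posted one; `parse_report`, `unique_paths` and `build_otl_fix` are names chosen here.

```python
"""Turn a Kaspersky Online Scanner report into an OTL ':Files' fix script.

Added example for the thread above; it is not OTL's or Kaspersky's code.
The report lines follow the layout posted in the thread:
    <path> Infected: <threat name> <count>
"""
import re
from collections import OrderedDict

# Constructed sample report, modelled on the one posted in the thread.
# keyfinder.exe is listed twice on purpose: one file, two detection names.
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Program Files\Bluetack\Blocklist Manager\Tools\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.g 1
D:\Setup Files\Utilities\Windows WGA Patcher Permanent Kit\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 1
D:\Setup Files\Utilities\Active WebCam 9.9\Active WebCam v9.9 Patch\Keygen.exe Infected: Trojan-GameThief.Win32.OnLineGames.sfbl 1

Selected area has been scanned.
"""

# Path may contain spaces, so match it non-greedily up to the " Infected: " marker.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return a list of (path, threat, count) tuples, one per detection line.

    Header, blank and trailer lines do not match the pattern and are skipped.
    """
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def is_riskware(threat):
    """Kaspersky prefixes tools it considers risky but not malicious with 'not-a-virus:'."""
    return threat.startswith("not-a-virus:")


def unique_paths(hits):
    """Deduplicate paths while keeping report order.

    One file can carry several detection names; OTL moves it on the first
    ':Files' entry and reports 'not found' for every repeat.
    """
    seen = OrderedDict()
    for path, _, _ in hits:
        seen.setdefault(path, None)
    return list(seen)


def build_otl_fix(hits, commands=("purity", "emptytemp", "emptyflash", "resethosts", "Reboot")):
    """Emit an OTL fix script in the section layout used in the thread."""
    lines = [":OTL", "", ":Services", "", ":Reg", "", ":Files"]
    lines += unique_paths(hits)
    lines += ["", ":Commands"] + ["[%s]" % c for c in commands]
    return "\n".join(lines)


def summarize(hits):
    """Count riskware versus outright malware detections for a quick triage view."""
    riskware = sum(1 for _, t, _ in hits if is_riskware(t))
    return {"riskware": riskware, "malware": len(hits) - riskware}


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print(build_otl_fix(found))
```

Running the module prints the triage counts and a fix script whose `:Files` section lists each flagged path once, which is what avoids the "not found" lines seen in the Run Fix log.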
     
  19. 2010/06/24
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    Quick scan log :

    OTL logfile created on: 6/24/2010 7:42:23 PM - Run 3
    OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Pete\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): D:\pagefile.sys 3072 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 50.00 Gb Total Space | 10.22 Gb Free Space | 20.45% Space Free | Partition Type: NTFS
    Drive D: | 61.78 Gb Total Space | 35.34 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ----------
    Current User Name: Pete
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
    PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
    PRC - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    PRC - [2009/06/26 15:56:20 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/19 18:59:40 | 000,653,128 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFx.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    MOD - [2008/04/14 08:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/02/01 14:46:20 | 000,035,144 | ---- | M] ( ) -- C:\Program Files\Stardock\CursorFX\CurXP0.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/30 20:02:09 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/02/25 05:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010/02/25 05:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/12/03 19:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/25 11:16:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/25 16:11:28 | 001,533,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2007/11/13 12:43:00 | 000,580,608 | ---- | M] (PY Software) [Disabled | Stopped] -- C:\Program Files\Active WebCam\Watchdog.exe -- (ACTIVEWEBCAMWATCHDOG)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/18 15:32:50 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/06/18 15:32:50 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/12/29 13:42:49 | 000,139,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
    DRV - [2009/12/03 04:49:10 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/06/17 14:21:27 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2009/06/05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2009/05/01 01:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/05/12 23:06:44 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 01:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/10 20:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/26 09:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/06/07 20:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
    DRV - [2007/05/23 17:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/03/31 16:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)
    DRV - [2007/03/31 16:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2007/03/23 13:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/03/23 13:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2007/03/23 13:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/03/23 13:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/03/23 13:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2007/03/05 13:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/01/30 15:12:06 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 1E F6 59 3B DB C9 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========



    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 19:11:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 21:12:35 | 000,000,000 | ---D | M]

    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions
    [2009/07/24 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2010/02/22 19:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/24 19:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions
    [2010/03/30 19:50:00 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
    [2010/06/16 16:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/01/30 17:28:39 | 000,000,000 | ---D | M] (Phoenity Next (formerly Phoenity Reborn)) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
    [2010/03/30 19:50:18 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (Eclipse) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
    [2010/06/19 20:11:16 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/03/30 20:28:53 | 000,000,000 | ---D | M] (Utopia FFSE White) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
    [2010/03/30 20:28:47 | 000,000,000 | ---D | M] (Extero 2) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{251297d0-6e53-11de-8a39-0800200c9a66}
    [2010/05/23 21:13:02 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2010/01/24 01:05:24 | 000,000,000 | ---D | M] (Full Flat) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
    [2010/03/30 19:50:22 | 000,000,000 | ---D | M] (FennecFox) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
    [2010/03/30 19:50:07 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
    [2010/06/22 18:57:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/02/19 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    [2010/02/10 14:07:08 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
    [2010/05/01 10:50:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/18 15:14:23 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
    [2010/03/12 20:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2010/05/11 08:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxe@Triton
    [2010/05/11 08:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\cfxHelper@Triton
    [2010/03/30 19:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\chromifox@altmusictv.com
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme
    [2010/03/30 20:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010/02/19 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Foxdie@tanjihay.com
    [2010/02/19 21:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\FoxdieGraphite@tanjihay.com
    [2010/03/30 20:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\glaze_black@www.theme-oasis.org
    [2010/02/19 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\navertheme@nhncorp.com
    [2010/02/19 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\redshift_V2@shift-themes.com
    [2010/01/21 01:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\rein@notiz.jp
    [2010/04/16 08:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermel@pardal.de
    [2010/04/16 08:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\silvermelxt@pardal.de
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au
    [2010/06/22 19:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\youtube2mp3@mondayx.de
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
    [2010/03/30 20:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}\chrome\mozapps\extensionsO
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2010/03/30 19:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/03/30 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\devious_green@firefox.theme\mozapps\extensions
    [2010/04/28 02:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
    [2009/11/09 18:57:15 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\vyo3zjh0.default\searchplugins\winamp-search.xml
    [2010/06/24 19:20:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/23 21:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/23 21:09:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

    O1 HOSTS File: ([2010/06/24 19:37:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
    O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
    O4 - Startup: C:\Documents and Settings\Pete\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266743745718 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1259328307765 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/22 05:18:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/23 22:20:07 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\TFC.exe
    [2010/06/23 21:28:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/06/23 21:23:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/23 21:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/23 04:09:47 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/23 04:05:13 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/20 21:34:28 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/20 21:34:28 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/20 21:34:28 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/20 21:34:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/20 21:34:28 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/20 21:34:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/20 21:34:28 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/20 21:34:17 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/20 21:34:17 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/06/20 21:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/06/20 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/19 22:23:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pete\Recent
    [2010/06/19 21:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Deployment
    [2010/06/18 15:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Malwarebytes
    [2010/06/18 15:37:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/18 15:37:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/18 15:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/17 17:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Application Data\Painkiller Resurrection
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTorrent 1.0
    [2010/05/31 19:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2010/05/28 00:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\vlc
    [2010/05/27 21:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2010/05/27 21:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2010/05/26 19:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2010/05/13 01:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2010/04/28 23:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Tunatic
    [2010/04/18 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/18 13:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/04/18 12:32:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/04/18 12:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/04/18 12:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution.old
    [2010/04/18 12:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
    [2010/03/31 12:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
    [2010/03/30 20:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
    [2010/03/30 19:39:15 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2010/03/30 19:39:15 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2010/03/30 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010

    ========== Files - Modified Within 90 Days ==========

    [2010/06/24 19:43:51 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 19:43:51 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 19:43:51 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/24 19:39:45 | 000,230,258 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/06/24 19:39:44 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/06/24 19:38:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/24 19:38:40 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/24 19:38:10 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\Pete\ntuser.dat
    [2010/06/24 19:37:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/06/24 02:20:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Pete\ntuser.ini
    [2010/06/23 22:20:07 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\TFC.exe
    [2010/06/23 04:09:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTL.exe
    [2010/06/22 01:19:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/20 22:30:01 | 000,158,243 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/20 21:34:28 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:08:31 | 000,000,250 | ---- | M] () -- C:\WINDOWS\BissHM.ini
    [2010/06/20 12:08:25 | 000,000,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-121323.backup
    [2010/06/20 12:02:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 19:58:26 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/19 19:58:26 | 000,000,460 | RHS- | M] () -- C:\boot.ini
    [2010/06/18 17:22:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/18 17:14:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/18 15:34:38 | 002,742,748 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153531.backup
    [2010/06/17 18:29:44 | 000,134,696 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/06/16 15:08:51 | 000,078,612 | ---- | M] () -- C:\ReactorException.dmp
    [2010/06/15 19:31:35 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100618-153438.backup
    [2010/06/15 00:45:01 | 002,647,070 | -H-- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\IconCache.db
    [2010/06/14 23:08:41 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/06/11 00:50:08 | 002,738,686 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-193135.backup
    [2010/06/11 00:10:51 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/31 19:49:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/05/27 21:43:55 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Rosetta Stone Version 3.lnk
    [2010/05/26 19:16:33 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2010/05/20 08:46:48 | 002,729,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100611-005008.backup
    [2010/05/15 11:53:36 | 002,729,515 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-084648.backup
    [2010/05/06 17:07:48 | 002,727,447 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100515-115336.backup
    [2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 23:34:29 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/26 13:03:37 | 002,727,087 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100506-170748.backup
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:53 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
    [2010/04/18 14:03:13 | 002,726,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100426-130337.backup
    [2010/04/08 19:24:36 | 000,095,800 | ---- | M] () -- C:\Documents and Settings\Pete\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/31 13:02:38 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/30 23:07:09 | 002,715,341 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100418-140312.backup

    ========== Files Created - No Company Name ==========

    [2010/06/20 22:26:41 | 000,158,243 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\avast results.JPG
    [2010/06/20 21:34:28 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/20 12:02:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\HijackThis.lnk
    [2010/06/19 21:30:42 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/18 04:40:28 | 000,198,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/31 19:49:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\StreamTorrent 1.0.lnk
    [2010/04/28 23:34:29 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\Tunatic.lnk
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
    [2010/04/19 16:18:45 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
    [2010/04/05 00:24:12 | 000,078,612 | ---- | C] () -- C:\ReactorException.dmp
    [2009/12/07 02:10:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/07 02:10:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/07 02:10:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/07 02:10:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/07 02:10:41 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/07 02:10:41 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/10/29 16:59:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2009/10/27 12:45:30 | 000,000,250 | ---- | C] () -- C:\WINDOWS\BissHM.ini
    [2009/08/10 12:35:16 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/01 01:18:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/06/25 17:20:28 | 000,139,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009/05/22 17:40:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2009/05/01 03:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/05/01 03:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/05/01 03:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/05/01 03:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/10/07 12:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 12:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2007/05/17 17:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/05/17 17:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/02/17 15:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 15:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/10/18 15:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/06/20 21:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/12/03 04:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/05/27 21:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    [2010/05/27 21:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
    [2009/07/07 01:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2010/06/17 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/02 21:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
    [2010/03/30 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2009/06/02 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\5600-6600 Series
    [2010/05/26 19:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Canneverbe Limited
    [2009/06/16 23:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Lite
    [2009/08/01 01:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\DAEMON Tools Pro
    [2010/03/26 01:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\ImgBurn
    [2009/09/25 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\Lexmark Productivity Studio
    [2010/04/07 06:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\LimeWire
    [2010/05/31 19:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\StreamTorrent
    [2009/12/13 10:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\SystemRequirementsLab
    [2010/04/29 20:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TeamViewer
    [2009/05/24 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\TuneUp Software
    [2010/06/19 22:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\uTorrent
    [2009/12/03 04:29:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========


    < End of report >
     
  20. 2010/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing right now?
     
  21. 2010/06/24
    Pete

    Pete Inactive Thread Starter

    Joined:
    2010/06/20
    Messages:
    73
    Likes Received:
    0
    I still have usually 2 iexplore.exe processes running in task manager and I've just got a pop up.

    Some notes :

    I've researched my problem beforehand, and everywhere the common symptom is that in Documents and settings/Username/Application data/ (weird name)/ (weird name).exe was the culprit.
    But I have the exact same problem (LOP infection apparently) and don't see any files/folders I don't recognize in that particular folder. Hence I'm asking for help here.

    Also, just now I did a bit of exploring in Windows/system32/ and found some of these similar hidden files; they all have the exact same size, 80.5 kb.

    1e07792.dll
    16a8f790.dll
    34bf0b9.dll
    62e8f1e.dll
    976913c.dll

    Could these be the source of my problems?

    Thank you for your time again :)
     
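The pattern Pete describes above (several hidden DLLs in System32 with short hexadecimal names, all of one exact size) is a useful triage heuristic. The script below is an added example, not code from the thread or from OTL: it groups hidden, hex-named DLLs by byte size and reports any size shared by two or more of them. The directory listing is constructed, the regex is generalised from the five names Pete posted, and 82432 bytes is an assumed exact value for "80.5 kb"; a cluster is a lead for the analyst to check, not proof of infection.

```python
"""Triage helper: find clusters of hidden, hex-named DLLs that share one exact size.

Added example built from Pete's observation in the thread; not part of OTL.
The SAMPLE_LISTING below is a constructed stand-in for a System32 listing.
"""
import os
import re
import stat
from collections import defaultdict

# Assumed name pattern, generalised from the five names Pete listed
# (1e07792.dll, 16a8f790.dll, ...): 6 to 8 hex digits followed by .dll.
HEX_DLL = re.compile(r"^[0-9a-f]{6,8}\.dll$", re.IGNORECASE)


def is_hidden(path):
    """True when the Windows 'hidden' attribute is set; False elsewhere or on error."""
    try:
        st = os.stat(path)
        attrs = getattr(st, "st_file_attributes", 0)  # only present on Windows
        return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    except OSError:
        return False


def cluster_suspects(entries, min_cluster=2):
    """entries: iterable of (file_name, size_in_bytes, is_hidden).

    Returns {size: [names]} for every size shared by at least `min_cluster`
    hidden DLLs whose names match HEX_DLL. Files that are not hidden, or whose
    names are not purely hexadecimal, never enter a cluster.
    """
    by_size = defaultdict(list)
    for name, size, hidden in entries:
        if hidden and HEX_DLL.match(name):
            by_size[size].append(name)
    return {size: sorted(names)
            for size, names in by_size.items()
            if len(names) >= min_cluster}


def scan_directory(directory, min_cluster=2):
    """Non-recursive scan of one folder (e.g. C:\\WINDOWS\\system32) using the same rule."""
    entries = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            entries.append((name, os.path.getsize(path), is_hidden(path)))
    return cluster_suspects(entries, min_cluster)


# Constructed listing: Pete's five names at one assumed size (80.5 kB taken as
# 82432 bytes), plus benign entries that must not be flagged.
SAMPLE_LISTING = [
    ("1e07792.dll", 82432, True),
    ("16a8f790.dll", 82432, True),
    ("34bf0b9.dll", 82432, True),
    ("62e8f1e.dll", 82432, True),
    ("976913c.dll", 82432, True),
    ("kernel32.dll", 989184, False),   # ordinary name, not hidden
    ("ntoskrnl.exe", 2189184, False),  # not a DLL at all
    ("deadbeef.dll", 4096, True),      # hidden and hex-named, but no size twin
    ("cafef00d.dll", 82432, False),    # right size and name, but not hidden
]

if __name__ == "__main__":
    for size, names in cluster_suspects(SAMPLE_LISTING).items():
        print(f"{len(names)} hidden hex-named DLLs of exactly {size} bytes:")
        for n in names:
            print("   ", n)
```

On a live system, `scan_directory(r"C:\WINDOWS\system32")` applies the same rule to real files; sizes reported by OTL (the `000,0xx,xxx` column) can be fed to `cluster_suspects` directly.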
