

Olias
Closer to believing
Premium
join:2004-05-08
Wayne, NJ

[Virus] Virus

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122101

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/20/2011 10:10:07 PM
mbam-log-2011-12-20 (22-09-54).txt

Scan type: Full scan (C:\|K:\|)
Objects scanned: 436816
Time elapsed: 1 hour(s), 56 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (2C) Good: (exefile) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Patrick\local settings\Temp\opre0.7463160959560963.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{0244974b-5625-4f09-9337-01df509f5039}\RP308\A0088809.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\opre0.42855978299717135.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\opre0.5873847193266449.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\opre0.9165504481352942.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\kna0.6504122348387607.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\kna0.8950125319313343.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\kna0.9950624537850837.exe (Trojan.Dropper) -> No action taken.

OTL logfile created on: 12/20/2011 10:14:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Patrick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.72% Memory free
4.84 Gb Paging File | 3.82 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459.75 Gb Total Space | 313.70 Gb Free Space | 68.23% Space Free | Partition Type: NTFS
Drive K: | 451.76 Gb Total Space | 223.42 Gb Free Space | 49.46% Space Free | Partition Type: NTFS

Computer Name: VALUED-8BABB634 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/12/20 19:56:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/08/12 13:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 19:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/06/15 13:17:44 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/06/15 13:17:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/06/15 13:17:38 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 19:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/10/04 07:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 06:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/10/14 17:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 07:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/11/01 08:58:58 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2005/08/05 16:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 15:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/05/20 19:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2004/10/04 07:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
MOD - [2004/10/04 07:46:50 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004/10/04 06:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
MOD - [2003/05/30 15:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/08/12 13:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/17 10:51:58 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2005/06/15 13:17:46 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/06/15 13:17:44 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/06/15 13:17:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/06/15 13:17:38 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/06/07 12:58:28 | 001,851,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/06/07 06:44:10 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/06/07 06:38:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/06/07 06:37:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/06/07 03:32:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/06/07 03:28:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/06/07 03:22:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/06/03 08:21:00 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/05/20 19:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/05 16:06:36 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/10/04 07:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 06:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004/08/11 02:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 23:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 14:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/08/04 10:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/08/03 12:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/01/06 17:40:20 | 000,187,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/09/12 13:22:54 | 000,540,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/12 13:22:24 | 000,443,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/12/02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/01 08:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/07/18 20:40:40 | 001,019,064 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/23 12:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 12:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 12:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/22 22:00:00 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/18 16:05:32 | 000,054,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.sys -- (L8042pr2)
DRV - [2004/10/18 16:05:18 | 000,015,126 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2004/10/18 16:05:14 | 000,073,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2004/10/18 16:05:00 | 000,026,104 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2004/10/18 16:04:52 | 000,037,814 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2004/08/05 23:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2000/12/05 18:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = »www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »news.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/01 15:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 15:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/16 17:37:12 | 000,000,000 | ---D | M]

[2011/03/21 20:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2011/06/28 17:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\3gagc4lx.default\extensions
[2011/03/21 20:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/03 15:03:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/03 12:45:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/27 22:24:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/08/27 22:24:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKCU..\Run: [EPSON WorkForce 600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »www.update.microsoft.com/microso···73232937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} »java.sun.com/update/1.5.0/jinsta···i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0708108E-656C-43E4-93B4-72DD5C8CA9AB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/20 16:26:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/20 16:26:24 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1caa93bc-4cf8-11e0-9190-001320a2aae6}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe
O33 - MountPoints2\{1caa93bc-4cf8-11e0-9190-001320a2aae6}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 2C] -- "C:\Documents and Settings\Patrick\Local Settings\Application Data\egq.exe" -a "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/20 20:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 20:04:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/20 19:56:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
[2011/12/20 19:55:31 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/20 19:52:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\TFC.exe
[2011/12/19 23:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/19 23:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/19 23:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/18 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/18 19:10:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/20 22:15:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/20 21:42:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 20:04:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 19:57:16 | 000,879,668 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\SecurityCheck.exe
[2011/12/20 19:56:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
[2011/12/20 19:55:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/20 19:52:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\TFC.exe
[2011/12/20 19:52:00 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2011/12/20 19:48:16 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/20 19:44:22 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 19:44:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/20 19:44:15 | 3219,357,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 23:12:25 | 000,014,296 | -HS- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/19 23:12:25 | 000,014,296 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/18 19:13:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/15 19:39:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 23:02:45 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\Microsoft Word 2007.lnk
[2011/12/13 21:19:01 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 21:06:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/12 20:39:02 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 20:03:28 | 000,073,780 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_audio.Cache
[2011/12/11 20:03:22 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_image32.Cache
[2011/12/11 19:08:06 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\My Account device-locator.URL
[2011/12/06 14:20:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/06 14:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/20 20:04:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 19:57:14 | 000,879,668 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\SecurityCheck.exe
[2011/12/19 23:34:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/19 22:39:28 | 000,014,296 | -HS- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/19 22:39:28 | 000,014,296 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/18 19:13:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/11 19:08:06 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\My Account device-locator.URL
[2011/12/06 14:20:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/10/19 20:05:29 | 000,016,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\merlinD.bin
[2011/09/17 17:53:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/09/17 17:53:40 | 000,001,456 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/09/04 20:11:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2011/09/04 20:11:46 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/04 20:11:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/06 18:17:53 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Patrick\Application Data\wklnhst.dat
[2011/03/23 14:08:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/03/20 22:58:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/03/09 21:05:30 | 000,001,959 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/03/07 21:11:05 | 001,412,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/07 20:41:05 | 000,073,780 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_audio.Cache
[2011/03/07 20:41:05 | 000,002,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_image32.Cache
[2011/03/07 13:21:12 | 000,052,188 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/04 12:19:34 | 000,012,496 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/04 12:19:26 | 003,835,624 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/03/04 12:19:26 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/03 17:03:33 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 15:58:12 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2011/03/03 15:58:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2011/03/03 15:56:55 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2011/03/03 14:58:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/03/03 13:10:10 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/03 13:10:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/03 13:10:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/03 13:10:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/03 13:10:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/03 13:10:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/03 13:10:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/03 13:10:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/03 13:10:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/03 13:10:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/03 13:10:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/03 13:10:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/03 13:10:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/03 13:10:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/03 13:10:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/03/03 13:10:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/03/03 13:09:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPWF600.ini
[2011/03/02 21:46:43 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/03/02 19:13:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/02 17:33:32 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2011/03/02 17:17:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/02 17:12:00 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2011/03/02 17:09:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2011/03/02 17:08:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/03/02 17:08:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/03/02 17:08:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/03/02 17:08:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/03/02 17:08:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/03/02 17:08:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/03/02 17:07:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/17 12:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/08/21 13:24:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/21 12:25:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/21 12:07:18 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2005/08/20 17:20:46 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2005/08/20 17:20:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2005/08/20 16:34:12 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/20 16:28:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/20 16:23:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/20 16:14:29 | 000,081,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/20 16:14:25 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/20 16:14:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/20 16:14:03 | 000,520,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/20 16:14:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/20 16:14:03 | 000,095,434 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/20 16:14:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/20 16:14:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/20 16:14:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/20 16:14:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/20 16:14:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/20 16:14:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/20 16:13:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/20 16:13:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/20 09:20:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/20 09:19:45 | 000,253,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2003/07/17 12:46:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2001/08/20 18:04:24 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\regcodec.exe

[color=#E56717]========== LOP Check ==========[/color]

[2011/03/02 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2011/03/03 13:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/04/16 17:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/09/04 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2011/04/15 23:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Software
[2011/09/04 20:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/03 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/03/03 21:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/05 22:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\BitTorrent
[2011/11/06 09:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\dBpoweramp
[2011/03/03 23:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Digiarty
[2011/03/20 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Epson
[2011/03/22 20:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\GrabPro
[2011/03/03 23:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\ieSpell
[2011/03/02 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\InterMute
[2011/09/07 23:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\InterVideo
[2011/03/26 21:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Leadertech
[2011/12/20 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Orbit
[2011/03/25 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\PriceGong
[2011/03/03 23:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\ProgSense
[2011/04/06 18:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Template
[2011/03/27 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\WeatherBug

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD

--
A clock unwinds, a flower dies...


Olias

OTL Extras logfile created on: 12/20/2011 10:14:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Patrick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.72% Memory free
4.84 Gb Paging File | 3.82 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459.75 Gb Total Space | 313.70 Gb Free Space | 68.23% Space Free | Partition Type: NTFS
Drive K: | 451.76 Gb Total Space | 223.42 Gb Free Space | 49.46% Space Free | Partition Type: NTFS

Computer Name: VALUED-8BABB634 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = 2C] -- "C:\Documents and Settings\Patrick\Local Settings\Application Data\egq.exe" -a "%1" %*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00CB213D-CA43-4CB7-A9ED-808E1D0E4739}" = Video Capture USB
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01AE599F-7B72-4135-8C56-9191F4ACBA88}" = VAIO Edit Components
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = Roxio Easy VHS to DVD Content
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{29999594-B540-4C88-A8D3-C99CA43809FC}" = Image Converter 2
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Easy VHS to DVD
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{533D322D-7335-4352-BD02-E745FC9B099D}" = Sonic Foundry Sound Forge 5.0d
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6599091B-D42D-4765-ABC3-8B25E844C746}" = Roxio Easy CD and DVD Burning
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Easy VHS to DVD
"{7998F67D-655B-42E3-B651-18D96DD17268}" = Adobe Premiere Standard
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1" = Music Collector
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
"{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}" = MediaFACE II
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E365AAB7-F160-4E2F-ACAC-28D487ACF47D}" = VAIO Original Screen Saver VAIO Scene SD Wide Contents
"{E40D6E16-6D7D-4AF3-9E13-B3A308571E81}" = Roxio Easy VHS to DVD
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.4.10
"{EA7FC832-8133-46B4-B2CF-5A955326D309}" = Wireless Desktop
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"CD7CFA9080156C3BB6CE0662E209EB7415EFCD0F" = Windows Driver Package - Roxio Technology (USB28xxBGA) Media (11/14/2008 5.8.0912.1114)
"Celestia_is1" = Celestia 1.6.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Image Composer" = Microsoft Image Composer 1.5
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"InstallShield_{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Orbit_is1" = Orbit Downloader
"PROSet" = Intel(R) PRO Network Connections Drivers
"Rhapsody" = Rhapsody
"TVEpaDrv" = Roxio Video Capture USB Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/13/2011 10:02:07 PM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 6.8.0.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2011 10:02:10 PM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1001
Description = Fault bucket 1868330668.

Error - 12/16/2011 9:19:52 PM | Computer Name = VALUED-8BABB634 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/16/2011 9:19:57 PM | Computer Name = VALUED-8BABB634 | Source = Application Error | ID = 1001
Description = Fault bucket -1557370671.

Error - 12/19/2011 11:45:33 PM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1002
Description = Hanging application egq.exe, version 8.0.6001.18702, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2011 11:47:16 PM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1002
Description = Hanging application egq.exe, version 8.0.6001.18702, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2011 12:50:35 AM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1002
Description = Hanging application egui.exe, version 4.2.64.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2011 12:50:42 AM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1001
Description = Fault bucket 1997729015.

Error - 12/20/2011 12:52:08 AM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1002
Description = Hanging application egui.exe, version 4.2.64.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2011 12:52:22 AM | Computer Name = VALUED-8BABB634 | Source = Application Hang | ID = 1001
Description = Fault bucket 1997729015.

[ System Events ]
Error - 12/20/2011 8:54:21 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 9:09:21 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 9:12:04 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 9:14:48 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 9:50:49 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 10:26:49 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 10:29:33 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 10:31:33 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 10:54:25 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/20/2011 11:06:32 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

I cannot open up the SecurityCheck program. I get a pop-up saying "The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll."

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F4HB1AQZ\main[1].htm JS/Kryptik.EQ.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\Patrick\Local Settings\Temp\opre0.7463160959560963.exe a variant of Win32/Kryptik.XRA trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan unable to clean
C:\WINDOWS\Temp\kna0.6504122348387607.exe a variant of Win32/Kryptik.XRD trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\kna0.8950125319313343.exe a variant of Win32/Kryptik.XQS trojan deleted - quarantined
C:\WINDOWS\Temp\kna0.9950624537850837.exe a variant of Win32/Kryptik.XQS trojan deleted - quarantined
C:\WINDOWS\Temp\opre0.42855978299717135.exe a variant of Win32/Kryptik.XQS trojan deleted - quarantined
C:\WINDOWS\Temp\opre0.5873847193266449.exe a variant of Win32/Kryptik.XQS trojan deleted - quarantined
C:\WINDOWS\Temp\opre0.9165504481352942.exe a variant of Win32/Kryptik.XQS trojan deleted - quarantined
Operating memory multiple threats
--
A clock unwinds, a flower dies...



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to Olias

Re: [Virus] Virus

Please re-run MBAM, this time selecting all items detected for removal. When done, post the new log in this thread.

Here is the pertinent portion of the MBAM instructions, with the instruction for removal highlighted.

The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Olias

reply to Olias
Hi Lisa, happy holidays! For some reason the ESET online scan results did not display. I did the test twice to no avail. Here's what I can tell you, though: I'm infected with the Win32/Sirefef.DT trojan bug. My ESET NOD32 Antivirus program can't delete it. When I boot up and want to click onto a program I get the "Open with" window. I can't open up a program automatically.
--
A clock unwinds, a flower dies...



LoPhatPhuud

reply to Olias
Do the following. After this is complete, then run MBAM again per my previous post.

The Kaspersky Rescue Disk is a bootable CD or USB based version of Kaspersky Antivirus.

You will find full instructions for download and use at the following links:

CD based: support.kaspersky.com/faq/?qid=208282484

USB based: support.kaspersky.com/faq/?qid=208282163

Note: Please post the log (krd-log.txt) in your next reply
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Olias

Will this reformat my computer? Do I need to back up any important files when I initiate this?
--
A clock unwinds, a flower dies...



LoPhatPhuud

reply to Olias
No, this will not reformat your computer.

All important files should always be backed up on a regular schedule, not just when something happens. Best is to image the drive.



Olias

OK, I think I downloaded the Kaspersky Rescue Disc on my USB drive. I rebooted and went into my BIOS to see if the removable drive is enacted, which it was. But when I reboot again the standard Windows bootup occurs. How do I get it to boot from the USB?
--
A clock unwinds, a flower dies...



LoPhatPhuud

reply to Olias
You cannot just download the file to a USB device. You need a special program to create the bootable USB. It was listed in the instructions. The utility will take the Rescue Disk .iso file and write it to the USB drive, making it bootable in the process.

If you still have trouble booting from USB, rather than muck around, just use the CD version.



Olias

OK, I think it worked. I'm rid of the Win32/Sirefef.DT trojan and the ping.exe file. However, I still get the "Open with" window when I try to open a program, and my ESET Antivirus doesn't start up at boot. I'll post the updated report in my next posts.

-It seems now I can open up the SecurityCheck program.
--
A clock unwinds, a flower dies...



Olias

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122801

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/27/2011 9:04:09 PM
mbam-log-2011-12-27 (21-04-09).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------
OTL logfile created on: 12/27/2011 9:09:29 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Patrick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.52% Memory free
4.84 Gb Paging File | 4.37 Gb Available in Paging File | 90.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459.75 Gb Total Space | 315.40 Gb Free Space | 68.60% Space Free | Partition Type: NTFS
Drive K: | 451.76 Gb Total Space | 223.08 Gb Free Space | 49.38% Space Free | Partition Type: NTFS
Drive L: | 7.63 Gb Total Space | 7.40 Gb Free Space | 96.99% Space Free | Partition Type: FAT32

Computer Name: VALUED-8BABB634 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/12/20 19:56:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/06/15 13:17:44 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/06/15 13:17:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/06/15 13:17:38 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 19:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/10/04 07:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 06:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/10/14 17:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 07:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/08/05 16:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 15:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/05/20 19:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2004/10/04 07:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
MOD - [2004/10/04 07:46:50 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004/10/04 06:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
MOD - [2003/05/30 15:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/08/12 13:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 13:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/17 10:51:58 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2005/06/15 13:17:46 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/06/15 13:17:44 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/06/15 13:17:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/06/15 13:17:38 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/06/07 12:58:28 | 001,851,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/06/07 06:44:10 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/06/07 06:38:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/06/07 06:37:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/06/07 03:32:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/06/07 03:28:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/06/07 03:22:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/06/03 08:21:00 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/05/20 19:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/05 16:06:36 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/10/04 07:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 06:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004/08/11 02:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 23:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 14:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/08/04 10:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/08/03 12:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/01/06 17:40:20 | 000,187,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/09/12 13:22:54 | 000,540,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/12 13:22:24 | 000,443,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/12/02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/01 08:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/07/18 20:40:40 | 001,019,064 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/23 12:31:46 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 12:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 12:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/22 22:00:00 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/18 16:05:32 | 000,054,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.sys -- (L8042pr2)
DRV - [2004/10/18 16:05:18 | 000,015,126 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2004/10/18 16:05:14 | 000,073,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2004/10/18 16:05:00 | 000,026,104 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2004/10/18 16:04:52 | 000,037,814 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2004/08/05 23:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2000/12/05 18:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = »www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »news.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://news.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/01 15:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 15:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/16 17:37:12 | 000,000,000 | ---D | M]

[2011/03/21 20:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Extensions
[2011/06/28 17:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\3gagc4lx.default\extensions
[2011/03/21 20:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/03 15:03:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/03 12:45:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/27 22:24:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/08/27 22:24:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKCU..\Run: [EPSON WorkForce 600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »www.update.microsoft.com/microso···73232937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} »java.sun.com/update/1.5.0/jinsta···i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0708108E-656C-43E4-93B4-72DD5C8CA9AB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper HighColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/20 16:26:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/20 16:26:24 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1caa93bc-4cf8-11e0-9190-001320a2aae6}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe
O33 - MountPoints2\{1caa93bc-4cf8-11e0-9190-001320a2aae6}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 2C] -- "C:\Documents and Settings\Patrick\Local Settings\Application Data\egq.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 21:03:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/27 19:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/12/27 19:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/12/25 16:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Desktop\Kaspersky Rescue2Usb
[2011/12/24 18:43:15 | 000,000,000 | ---D | C] -- C:\Winamp
[2011/12/23 23:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ESET
[2011/12/20 22:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/12/20 20:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 20:04:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/20 19:56:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
[2011/12/20 19:55:31 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/20 19:52:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\TFC.exe
[2011/12/19 23:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/19 23:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/19 23:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/18 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/18 19:10:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/12/27 21:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/12/27 21:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/12/27 21:03:52 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/27 21:00:28 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/27 21:00:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 21:00:22 | 3219,357,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/27 20:42:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 20:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/12/27 20:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/27 19:45:16 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/27 19:39:20 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/12/27 19:34:37 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/12/26 23:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/12/26 23:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/26 22:47:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/26 22:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/12/26 22:12:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/26 19:12:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/26 19:12:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/26 18:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/12/26 18:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/26 17:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/12/26 17:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/26 16:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/12/26 16:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/26 15:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/12/26 15:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/12/26 14:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/12/26 14:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/12/26 13:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/12/26 13:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/12/26 12:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/12/26 12:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/26 11:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/12/26 11:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/25 16:57:44 | 000,387,584 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\rescue2usb.exe
[2011/12/25 16:44:44 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2011/12/25 10:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/25 10:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/24 19:25:41 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\Microsoft Word 2007.lnk
[2011/12/24 18:30:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1iG0H6.dat
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/23 23:31:53 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/23 16:26:33 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\SecurityCheck.exe
[2011/12/22 10:26:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/20 22:24:30 | 000,015,807 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\Untitled.jpg
[2011/12/20 20:04:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 19:56:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
[2011/12/20 19:55:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patrick\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/20 19:52:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\TFC.exe
[2011/12/19 23:12:25 | 000,014,296 | -HS- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/19 23:12:25 | 000,014,296 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/18 19:13:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/13 21:19:01 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 21:06:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/12 20:39:02 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 20:03:28 | 000,073,780 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_audio.Cache
[2011/12/11 20:03:22 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_image32.Cache
[2011/12/11 19:08:06 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\My Account device-locator.URL
[2011/12/06 14:20:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/06 14:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/12/27 19:39:20 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/12/27 19:34:41 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/27 19:34:37 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/12/25 16:57:44 | 000,387,584 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\rescue2usb.exe
[2011/12/24 18:30:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1iG0H6.dat
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/12/20 22:24:29 | 000,015,807 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\Untitled.jpg
[2011/12/20 20:04:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 19:57:14 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\SecurityCheck.exe
[2011/12/19 23:34:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/19 22:39:28 | 000,014,296 | -HS- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/19 22:39:28 | 000,014,296 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\682347i1e737h257n417j4hgy7n0
[2011/12/18 19:13:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/11 19:08:06 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\My Account device-locator.URL
[2011/12/06 14:20:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/10/19 20:05:29 | 000,016,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\merlinD.bin
[2011/09/17 17:53:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/09/17 17:53:40 | 000,001,456 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/09/04 20:11:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2011/09/04 20:11:46 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/04 20:11:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/06 18:17:53 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Patrick\Application Data\wklnhst.dat
[2011/03/23 14:08:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/03/20 22:58:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/03/09 21:05:30 | 000,001,959 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/03/07 21:11:05 | 001,412,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/07 20:41:05 | 000,073,780 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_audio.Cache
[2011/03/07 20:41:05 | 000,002,520 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\rx_image32.Cache
[2011/03/07 13:21:12 | 000,052,188 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/04 12:19:34 | 000,012,496 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/04 12:19:26 | 003,835,624 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/03/04 12:19:26 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/03 17:03:33 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 15:58:12 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2011/03/03 15:58:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2011/03/03 15:56:55 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2011/03/03 14:58:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/03/03 13:10:10 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/03 13:10:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/03 13:10:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/03 13:10:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/03 13:10:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/03 13:10:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/03 13:10:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/03 13:10:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/03 13:10:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/03 13:10:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/03 13:10:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/03 13:10:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/03 13:10:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/03 13:10:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/03 13:10:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/03/03 13:10:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/03/03 13:09:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPWF600.ini
[2011/03/02 21:46:43 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/03/02 19:13:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/02 17:33:32 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2011/03/02 17:17:05 | 000,000,896 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/02 17:12:00 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2011/03/02 17:09:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2011/03/02 17:08:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/03/02 17:08:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/03/02 17:08:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/03/02 17:08:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/03/02 17:08:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/03/02 17:08:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/03/02 17:07:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/17 12:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/08/21 13:24:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/21 12:25:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/21 12:07:18 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2005/08/20 17:20:46 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2005/08/20 17:20:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2005/08/20 16:34:12 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/20 16:28:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/20 16:23:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/20 16:14:29 | 000,081,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/20 16:14:25 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/20 16:14:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/20 16:14:03 | 000,520,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/20 16:14:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/20 16:14:03 | 000,095,434 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/20 16:14:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/20 16:14:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/20 16:14:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/20 16:14:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/20 16:14:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/20 16:14:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/20 16:13:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/20 16:13:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/20 09:20:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/20 09:19:45 | 000,253,472 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2003/07/17 12:46:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2001/08/20 18:04:24 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\regcodec.exe

========== LOP Check ==========

[2011/03/02 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2011/03/03 13:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/04/16 17:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/12/27 19:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/09/04 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2011/04/15 23:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Software
[2011/09/04 20:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/03 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/03/03 21:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/05 22:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\BitTorrent
[2011/11/06 09:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\dBpoweramp
[2011/03/03 23:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Digiarty
[2011/03/20 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Epson
[2011/03/22 20:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\GrabPro
[2011/03/03 23:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\ieSpell
[2011/03/02 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\InterMute
[2011/09/07 23:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\InterVideo
[2011/03/26 21:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Leadertech
[2011/12/25 16:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Orbit
[2011/03/25 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\PriceGong
[2011/03/03 23:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\ProgSense
[2011/04/06 18:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Template
[2011/03/27 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\WeatherBug
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/12/25 10:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/12/25 10:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/12/26 11:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/12/26 11:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/12/26 12:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/12/26 12:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/12/26 13:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/12/26 13:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/12/26 14:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/26 14:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/12/26 15:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/12/26 15:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/12/26 16:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/12/26 16:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/12/26 17:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/12/26 17:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/12/26 18:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/12/26 18:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/12/26 19:12:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/26 19:12:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/12/27 20:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/12/27 20:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/12/27 21:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/12/27 21:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/12/26 22:12:59 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/12/26 22:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/12/26 23:13:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/12/26 23:13:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/12/24 18:30:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/12/24 18:30:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD

--
A clock unwinds, a flower dies...



Olias
Closer to believing
Premium
join:2004-05-08
Wayne, NJ

OTL Extras logfile created on: 12/27/2011 9:09:29 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Patrick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.52% Memory free
4.84 Gb Paging File | 4.37 Gb Available in Paging File | 90.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459.75 Gb Total Space | 315.40 Gb Free Space | 68.60% Space Free | Partition Type: NTFS
Drive K: | 451.76 Gb Total Space | 223.08 Gb Free Space | 49.38% Space Free | Partition Type: NTFS
Drive L: | 7.63 Gb Total Space | 7.40 Gb Free Space | 96.99% Space Free | Partition Type: FAT32

Computer Name: VALUED-8BABB634 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = 2C] -- "C:\Documents and Settings\Patrick\Local Settings\Application Data\egq.exe" -a "%1" %*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00CB213D-CA43-4CB7-A9ED-808E1D0E4739}" = Video Capture USB
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01AE599F-7B72-4135-8C56-9191F4ACBA88}" = VAIO Edit Components
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 4.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = Roxio Easy VHS to DVD Content
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{29999594-B540-4C88-A8D3-C99CA43809FC}" = Image Converter 2
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Easy VHS to DVD
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{533D322D-7335-4352-BD02-E745FC9B099D}" = Sonic Foundry Sound Forge 5.0d
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6599091B-D42D-4765-ABC3-8B25E844C746}" = Roxio Easy CD and DVD Burning
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 4.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Easy VHS to DVD
"{7998F67D-655B-42E3-B651-18D96DD17268}" = Adobe Premiere Standard
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 4.2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1" = Music Collector
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 4.0
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
"{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}" = MediaFACE II
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E365AAB7-F160-4E2F-ACAC-28D487ACF47D}" = VAIO Original Screen Saver VAIO Scene SD Wide Contents
"{E40D6E16-6D7D-4AF3-9E13-B3A308571E81}" = Roxio Easy VHS to DVD
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.4.10
"{EA7FC832-8133-46B4-B2CF-5A955326D309}" = Wireless Desktop
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"CD7CFA9080156C3BB6CE0662E209EB7415EFCD0F" = Windows Driver Package - Roxio Technology (USB28xxBGA) Media (11/14/2008 5.8.0912.1114)
"Celestia_is1" = Celestia 1.6.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Image Composer" = Microsoft Image Composer 1.5
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"InstallShield_{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Orbit_is1" = Orbit Downloader
"PROSet" = Intel(R) PRO Network Connections Drivers
"Rhapsody" = Rhapsody
"TVEpaDrv" = Roxio Video Capture USB Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/20/2011 11:26:02 PM | Computer Name = VALUED-8BABB634 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 12/20/2011 11:26:02 PM | Computer Name = VALUED-8BABB634 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 12/24/2011 7:17:45 PM | Computer Name = VALUED-8BABB634 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/24/2011 7:17:50 PM | Computer Name = VALUED-8BABB634 | Source = Application Error | ID = 1001
Description = Fault bucket -1557370671.

Error - 12/25/2011 3:19:19 PM | Computer Name = VALUED-8BABB634 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The connection with the server was terminated abnormally

Error - 12/25/2011 3:19:19 PM | Computer Name = VALUED-8BABB634 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/25/2011 3:19:19 PM | Computer Name = VALUED-8BABB634 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/25/2011 3:19:19 PM | Computer Name = VALUED-8BABB634 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 12/25/2011 6:47:50 PM | Computer Name = VALUED-8BABB634 | Source = Application Error | ID = 1000
Description = Faulting application ntvdm.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x0e6f47d9.

Error - 12/25/2011 6:47:55 PM | Computer Name = VALUED-8BABB634 | Source = Application Error | ID = 1001
Description = Fault bucket -1538669031.

[ System Events ]
Error - 12/27/2011 9:49:36 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment File Import Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The ArcSoft Connect Daemon service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The Photoshop Elements Device Connect service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The SonicStageMonitoring service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The Sony TVTA Manager service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/27/2011 9:59:31 PM | Computer Name = VALUED-8BABB634 | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

--------------------
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
ESET NOD32 Antivirus
ESET Online Scanner v3
SonicStage Mastering Studio Audio Filter Custom Preset
Antivirus up to date!
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
[color=red]Out of date Java installed![/color]
Adobe Flash Player ( 10.2.152.32) [color=red]Flash Player Out of Date![/color]
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

``````````End of Log````````````

------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9db1cf101e971d46bd5ba50ae451f46a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-21 04:43:17
# local_time=2011-12-20 11:43:17 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8199 39157157 100 100 0 42660110 0 0
# scanned=252025
# found=10
# cleaned=8
# scan_time=4407
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F4HB1AQZ\main[1].htm JS/Kryptik.EQ.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Patrick\Local Settings\Temp\opre0.7463160959560963.exe a variant of Win32/Kryptik.XRA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Temp\kna0.6504122348387607.exe a variant of Win32/Kryptik.XRD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\kna0.8950125319313343.exe a variant of Win32/Kryptik.XQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\kna0.9950624537850837.exe a variant of Win32/Kryptik.XQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\opre0.42855978299717135.exe a variant of Win32/Kryptik.XQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\opre0.5873847193266449.exe a variant of Win32/Kryptik.XQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\opre0.9165504481352942.exe a variant of Win32/Kryptik.XQS trojan (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} multiple threats 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9db1cf101e971d46bd5ba50ae451f46a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-23 11:58:06
# local_time=2011-12-23 06:58:06 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8199 39157157 100 100 0 42902187 0 0
# scanned=257873
# found=3
# cleaned=1
# scan_time=4423
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HZ12RB61\xxxd[1].htm HTML/Iframe.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9db1cf101e971d46bd5ba50ae451f46a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-24 01:16:34
# local_time=2011-12-23 08:16:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8199 39157157 100 100 0 42906728 0 0
# scanned=256394
# found=3
# cleaned=1
# scan_time=4586
# nod_component=V3 Build:0x30000000
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Temp\slp936555808672575877.tmp a variant of Win32/Kryptik.WWJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} multiple threats 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9db1cf101e971d46bd5ba50ae451f46a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 03:35:54
# local_time=2011-12-27 10:35:54 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=8199 39157077 100 100 0 43261257 0 0
# scanned=225443
# found=0
# cleaned=0
# scan_time=4017
# nod_component=V3 Build:0x30000000
--
A clock unwinds, a flower dies...



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:51

Just checking on you, Olias

