Messages - eye_opener

1
Tech Clinic / I am unable to uninstall programs
« on: January 18, 2010, 10:56:59 PM »
It's fine now. Idk what happened, and now I can uninstall; at first I couldn't.

2
Tech Clinic / I am unable to uninstall programs
« on: January 18, 2010, 05:58:40 PM »
Malwarebytes' Anti-Malware 1.44
Database version: 3595
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/18/2010 4:57:12 PM
mbam-log-2010-01-18 (16-57-12).txt

Scan type: Quick Scan
Objects scanned: 101276
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Chris\AppData\Local\Temp\sultan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

3
Tech Clinic / I am unable to uninstall programs
« on: January 17, 2010, 11:37:34 PM »
here they are

OTL logfile created on: 1/17/2010 10:24:41 PM - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Users\Chris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 75.16 Gb Free Space | 26.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/01/17 22:21:53 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2010/01/07 11:33:50 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/18 04:24:40 | 00,427,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe
PRC - [2009/12/18 04:24:34 | 00,107,840 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2009/11/19 22:29:16 | 00,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/10/31 07:24:36 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/10/26 01:33:41 | 00,015,872 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/13 14:38:44 | 01,590,616 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/09/20 18:00:20 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009/09/20 15:00:25 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/06 14:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/02 16:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/09/02 16:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 20:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/27 18:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/26 20:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/05/26 16:26:44 | 00,236,288 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/05/26 16:26:20 | 00,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/04/15 13:42:36 | 00,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2009/04/02 17:21:36 | 00,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/03/12 18:15:58 | 01,552,497 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/03/10 10:27:54 | 00,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/02/16 12:11:44 | 00,269,824 | ---- | M] () -- C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 11:44:58 | 00,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/07/18 20:52:16 | 00,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/01/17 22:21:53 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2009/04/11 00:28:18 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/12/18 02:52:16 | 01,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/28 20:21:28 | 00,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2009/09/24 19:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/09/04 13:18:40 | 00,470,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2009/09/04 13:18:36 | 07,636,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/04/03 20:55:28 | 00,839,200 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/02/18 18:49:06 | 00,949,248 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 20:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/12/18 02:47:01 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/10 11:04:42 | 00,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/19 23:18:56 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/20 18:12:06 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/09/20 18:00:20 | 00,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2009/09/06 14:38:06 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/28 20:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/16 17:04:16 | 00,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/26 16:26:20 | 00,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/03/29 22:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/03/26 01:19:59 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 21:41:00 | 00,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/10/25 12:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/05/05 16:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 20:47:00 | 00,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 20:47:00 | 00,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 00:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010/01/07 14:25:39 | 00,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/03 21:50:32 | 00,247,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009/12/03 21:50:32 | 00,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV:64bit: - [2009/09/30 18:51:42 | 00,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/28 22:57:28 | 00,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/08/28 20:42:52 | 00,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/14 12:18:49 | 00,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WudfPf.sys -- (WudfPf)
DRV:64bit: - [2009/05/18 15:17:08 | 00,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 00,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 00,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/10 23:39:51 | 00,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/10 23:39:35 | 00,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\winusb.sys -- (winusb)
DRV:64bit: - [2009/03/17 12:29:46 | 00,637,440 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/02/23 17:18:58 | 00,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/02/18 18:52:58 | 00,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/02/18 18:52:26 | 00,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2009/02/18 18:47:52 | 05,171,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/13 15:24:56 | 01,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 15:20:56 | 00,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 15:19:34 | 00,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/02/06 12:33:04 | 00,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/01/09 15:02:08 | 00,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/29 16:59:42 | 01,185,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/11/03 21:40:46 | 00,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\XAudio64.sys -- (XAudio)
DRV:64bit: - [2008/09/03 22:12:42 | 00,390,656 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (tm)
DRV:64bit: - [2008/07/21 17:34:42 | 00,147,984 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2008/07/09 17:28:32 | 00,026,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2008/06/27 07:51:10 | 00,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/28 18:54:18 | 00,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/02/06 03:00:00 | 00,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/20 20:49:47 | 00,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 20:47:27 | 00,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 20:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 20:46:57 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 20:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2006/06/18 23:27:24 | 00,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/28 22:57:28 | 00,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2008/01/20 20:49:57 | 00,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (winusb)
DRV - [2006/11/02 23:01:28 | 00,025,872 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
DRV - [2006/09/18 15:36:40 | 00,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/18 23:26:50 | 00,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.58
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2009/11/03 22:30:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/07 11:33:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/07 11:33:54 | 00,000,000 | ---D | M]
 
[2009/11/23 10:18:19 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2009/11/04 22:47:48 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/10/30 21:48:07 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/17 22:15:35 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iyhp8ct9.default\extensions
[2009/12/18 02:10:57 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\iyhp8ct9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/23 10:17:36 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/12/18 08:36:37 | 00,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1            activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Program Files (x86)\PLFSetI.exe File not found
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [iPhone PC Suite] C:\Users\Chris\Desktop\iPhone PC Suite\iPhone PC Suite.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NordBull] C:\Windows\msa.exe File not found
O4 - HKCU..\Run: [PhoneDaemon] C:\Users\Chris\Desktop\iPhone PC Suite\PhoneDaemon.exe File not found
O4 - HKCU..\Run: [RIMDeviceManager] C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9:64bit: - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13f1ce90-fbcb-11de-b5c7-001f16bf5c84}\Shell - "" = AutoRun
O33 - MountPoints2\{13f1ce90-fbcb-11de-b5c7-001f16bf5c84}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{5c1cac82-deca-11de-80be-001f16bf5c84}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1cac82-deca-11de-80be-001f16bf5c84}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8e3a0093-b747-11de-8c1c-001f16bf5c84}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{8e3a0093-b747-11de-8c1c-001f16bf5c84}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{8e3a0093-b747-11de-8c1c-001f16bf5c84}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{8e3a0093-b747-11de-8c1c-001f16bf5c84}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{a7deb8c4-d9e3-11de-a83a-001f16bf5c84}\Shell - "" = AutoRun
O33 - MountPoints2\{a7deb8c4-d9e3-11de-a83a-001f16bf5c84}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/01/17 22:21:49 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/01/15 20:07:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone(1)
[2010/01/15 19:54:33 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Languages
[2010/01/14 01:02:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HyperCam Toolbar
[2010/01/14 01:02:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010/01/13 23:38:13 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Rosetta Stone 3.4.5
[2010/01/13 00:30:25 | 00,000,000 | ---D | C] -- C:\Users\Chris\Incomplete
[2010/01/13 00:28:40 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\LimeWire
[2010/01/12 23:05:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Infinite Mind LC
[2010/01/12 22:14:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2010/01/12 22:14:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2010/01/12 22:04:24 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\rosetta stone
[2010/01/12 12:22:40 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/01/12 12:22:39 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/12 12:22:39 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/01/12 12:22:38 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/01/12 12:11:33 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Rockstar Games
[2010/01/11 23:58:07 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Rockstar Games
[2010/01/11 22:59:12 | 00,000,000 | ---D | C] -- C:\Games
[2010/01/08 12:24:32 | 00,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Grid32.ocx
[2010/01/08 12:24:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Statistics Calculator
[2010/01/07 11:56:23 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010/01/07 11:56:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010/01/07 02:15:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010/01/06 21:39:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GraphCalc
[2010/01/05 18:57:25 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\AirMouse
[2010/01/05 18:57:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Air Mouse
[2010/01/05 18:55:50 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/01/02 14:21:39 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Xenocode
[2009/12/31 20:54:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SonicShack
[2009/12/30 17:12:20 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Programs
[2009/12/30 17:11:32 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Games
[2009/12/29 22:48:38 | 00,000,000 | ---D | C] -- C:\Users\Chris\Desktop\live CDS
[2009/12/29 03:00:12 | 00,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2009/12/29 03:00:09 | 00,000,000 | ---D | C] -- C:\AiroWizard
[2009/12/27 22:05:04 | 00,000,000 | ---D | C] -- C:\Lyrics
[2009/12/27 22:02:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Minilyrics
[2009/12/27 02:04:04 | 00,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2009/12/27 01:53:27 | 00,681,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2009/12/27 01:53:27 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2009/12/27 01:53:27 | 00,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2009/12/27 01:53:27 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WUDFPf.sys
[2009/12/27 01:53:27 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2009/12/27 01:49:23 | 00,000,000 | ---D | C] -- C:\Program Files\Zune
[2009/12/27 01:03:50 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\x86
[2009/12/27 01:03:44 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2009/12/25 01:14:31 | 00,000,000 | ---D | C] -- C:\ProgramData\FXhome
[2009/12/25 01:14:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FXhome PhotoKey 3 Pro
 
========== Files - Modified Within 30 Days ==========
 
[2010/01/17 22:28:39 | 04,456,448 | -HS- | M] () -- C:\Users\Chris\ntuser.dat
[2010/01/17 22:21:53 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/01/17 22:15:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/17 22:05:47 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/17 22:05:47 | 00,000,240 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2010/01/17 18:55:38 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/17 18:55:38 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/17 09:30:14 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/16 21:29:47 | 01,441,852 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat
[2010/01/16 21:29:38 | 00,007,764 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx
[2010/01/15 21:02:19 | 12,945,468 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2010/01/15 21:01:03 | 00,119,788 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2010/01/15 20:57:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/15 20:46:47 | 00,524,288 | -HS- | M] () -- C:\Users\Chris\ntuser.dat{143f25d9-0247-11df-ad0a-001f16bf5c84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/15 20:46:47 | 00,524,288 | -HS- | M] () -- C:\Users\Chris\ntuser.dat{143f25d9-0247-11df-ad0a-001f16bf5c84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/15 20:46:47 | 00,065,536 | -HS- | M] () -- C:\Users\Chris\ntuser.dat{143f25d9-0247-11df-ad0a-001f16bf5c84}.TM.blf
[2010/01/15 20:46:46 | 06,291,456 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010/01/15 20:23:30 | 00,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/01/15 20:23:30 | 00,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/01/14 21:03:42 | 00,117,760 | ---- | M] () -- C:\Users\Chris\Desktop\Bounce Cards and Data Input File.xls
[2010/01/14 01:14:35 | 27,401,372 | ---- | M] () -- C:\Users\Chris\Documents\clip0002.avi
[2010/01/14 01:12:27 | 75,712,788 | ---- | M] () -- C:\Users\Chris\Documents\clip0001.avi
[2010/01/12 23:05:13 | 00,001,921 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
[2010/01/12 12:07:42 | 00,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010/01/12 08:11:02 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/12 08:11:02 | 00,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/12 08:11:02 | 00,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/08 18:24:27 | 00,010,272 | ---- | M] () -- C:\Users\Chris\Documents\UTA.docx
[2010/01/08 08:30:09 | 00,012,288 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 16:42:44 | 00,000,031 | ---- | M] () -- C:\Windows\SPS453.DAT
[2010/01/07 14:34:21 | 00,000,104 | ---- | M] () -- C:\Users\Chris\Documents\Computer.lnk
[2010/01/07 14:25:39 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/05 18:57:03 | 00,001,934 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
[2010/01/04 09:34:20 | 00,010,108 | ---- | M] () -- C:\Users\Chris\Documents\3422 g.docx
[2010/01/01 17:58:28 | 00,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/01/01 00:34:28 | 00,000,732 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2009/12/30 17:18:17 | 00,004,314 | ---- | M] () -- C:\Users\Chris\Documents\Microsoft office.mds
[2009/12/29 13:13:48 | 00,028,693 | ---- | M] () -- C:\Users\Chris\Documents\Tutorial.docx
[2009/12/29 12:02:05 | 00,019,213 | ---- | M] () -- C:\Users\Chris\Documents\Dentist Appointment.docx
[2009/12/28 19:41:57 | 00,011,216 | ---- | M] () -- C:\Users\Chris\Documents\2wire.docx
[2009/12/28 00:09:36 | 03,655,053 | ---- | M] () -- C:\Users\Chris\Documents\yea.mp3
[2009/12/27 12:19:17 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2009/12/27 12:13:54 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf
[2009/12/27 12:13:52 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2009/12/24 22:19:18 | 22,098,772 | ---- | M] () -- C:\Users\Chris\Documents\areyouready_full.pdf
[2009/12/24 22:14:03 | 04,714,372 | ---- | M] () -- C:\Users\Chris\Documents\cpg_101_layout1.pdf
[2009/12/24 22:12:59 | 01,642,897 | ---- | M] () -- C:\Users\Chris\Documents\cpg_101_layout.pdf
[2009/12/23 10:51:39 | 09,134,080 | ---- | M] () -- C:\Users\Chris\Documents\Umoja Flyer.indd
[2009/12/22 14:47:57 | 01,013,016 | ---- | M] () -- C:\Users\Chris\Documents\Umoja Flyer.pdf
[2009/12/21 10:05:44 | 02,986,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010/01/15 23:06:00 | 45,416,0384 | ---- | C] () -- C:\Users\Chris\Desktop\Arabic - Level 1.iso
[2010/01/15 20:30:59 | 00,524,288 | -HS- | C] () -- C:\Users\Chris\ntuser.dat{143f25d9-0247-11df-ad0a-001f16bf5c84}.TMContainer00000000000000000002.regtrans-ms
[2010/01/15 20:30:59 | 00,524,288 | -HS- | C] () -- C:\Users\Chris\ntuser.dat{143f25d9-0247-11df-ad0a-001f16bf5c84}.TMContainer00000000000000000001.regtrans-ms
[2010/01/15 20:30:59 | 00,065,536 | -HS- | C] () -- C:\Users\Chris\ntuser.dat{143f25d9-0247-11df-ad0a-001f16bf5c84}.TM.blf
[2010/01/14 10:25:11 | 00,117,760 | ---- | C] () -- C:\Users\Chris\Desktop\Bounce Cards and Data Input File.xls
[2010/01/14 01:13:25 | 27,401,372 | ---- | C] () -- C:\Users\Chris\Documents\clip0002.avi
[2010/01/14 01:09:51 | 75,712,788 | ---- | C] () -- C:\Users\Chris\Documents\clip0001.avi
[2010/01/12 23:05:16 | 00,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2010/01/12 23:05:15 | 04,141,056 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.scr
[2010/01/12 23:05:13 | 00,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
[2010/01/12 04:46:33 | 00,027,205 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/01/12 04:46:26 | 00,001,578 | ---- | C] () -- C:\Users\Chris\AppData\Local\uxeventlog.txt
[2010/01/12 04:46:26 | 00,000,604 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_dotnetfx3error.txt
[2010/01/12 04:46:25 | 00,033,080 | ---- | C] () -- C:\Users\Chris\AppData\Local\dd_dotnetfx3install.txt
[2010/01/07 16:42:44 | 00,000,031 | ---- | C] () -- C:\Windows\SPS453.DAT
[2010/01/07 14:34:21 | 00,000,104 | ---- | C] () -- C:\Users\Chris\Documents\Computer.lnk
[2010/01/05 18:57:03 | 00,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
[2010/01/05 14:33:10 | 00,010,272 | ---- | C] () -- C:\Users\Chris\Documents\UTA.docx
[2010/01/04 09:34:18 | 00,010,108 | ---- | C] () -- C:\Users\Chris\Documents\3422 g.docx
[2010/01/01 00:34:28 | 00,000,732 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2009/12/30 17:18:17 | 00,004,314 | ---- | C] () -- C:\Users\Chris\Documents\Microsoft office.mds
[2009/12/29 13:13:47 | 00,028,693 | ---- | C] () -- C:\Users\Chris\Documents\Tutorial.docx
[2009/12/29 12:02:04 | 00,019,213 | ---- | C] () -- C:\Users\Chris\Documents\Dentist Appointment.docx
[2009/12/28 19:41:24 | 00,011,216 | ---- | C] () -- C:\Users\Chris\Documents\2wire.docx
[2009/12/28 00:06:57 | 03,655,053 | ---- | C] () -- C:\Users\Chris\Documents\yea.mp3
[2009/12/27 12:19:17 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2009/12/27 12:13:54 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf
[2009/12/27 12:13:52 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2009/12/27 02:04:13 | 00,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2009/12/24 22:19:18 | 22,098,772 | ---- | C] () -- C:\Users\Chris\Documents\areyouready_full.pdf
[2009/12/24 22:14:03 | 04,714,372 | ---- | C] () -- C:\Users\Chris\Documents\cpg_101_layout1.pdf
[2009/12/24 22:12:59 | 01,642,897 | ---- | C] () -- C:\Users\Chris\Documents\cpg_101_layout.pdf
[2009/12/22 14:34:32 | 01,013,016 | ---- | C] () -- C:\Users\Chris\Documents\Umoja Flyer.pdf
[2009/12/22 14:33:44 | 09,134,080 | ---- | C] () -- C:\Users\Chris\Documents\Umoja Flyer.indd
[2009/12/02 21:12:57 | 00,002,184 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2009/12/01 00:46:18 | 00,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/20 00:40:39 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 00:20:29 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/15 14:44:18 | 00,000,263 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\iPod Access v4 Prefs
[2009/10/15 13:37:43 | 00,000,040 | -H-- | C] () -- C:\Users\Chris\AppData\Roaming\iPodAccessv4_OwnerName
[2009/10/15 13:37:43 | 00,000,040 | -H-- | C] () -- C:\ProgramData\iPodAccessv4_OwnerName
[2009/10/15 13:36:11 | 00,000,011 | -H-- | C] () -- C:\Users\Chris\AppData\Roaming\iPodAccess_Time
[2009/10/08 01:41:25 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/07 03:08:42 | 00,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2009/10/04 22:32:41 | 00,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009/09/20 20:18:15 | 00,012,288 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 12:25:53 | 00,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/03/04 15:49:37 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/03/04 15:49:37 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/03/04 15:48:52 | 00,000,061 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/03/04 15:48:52 | 00,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008/01/20 20:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[1997/11/17 17:13:16 | 00,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C8B8CEBD
< End of report >


OTL Extras logfile created on: 1/17/2010 10:24:41 PM - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Users\Chris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 75.16 Gb Free Space | 26.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemR

4
Tech Clinic / I am unable to uninstall programs
« on: January 16, 2010, 12:05:42 AM »
I am using Windows Vista and cannot uninstall any programs installed on my laptop.
Please help.

5
Tech Clinic / Parse error
« on: March 23, 2009, 11:18:02 PM »
Not on all sites, just random ones.

I am using Windows 2000

and Windows Explorer 6
and Firefox.

6
Tech Clinic / Parse error
« on: March 23, 2009, 10:10:30 PM »
I don't know if you can help me, but I surely hope you can.

I can't open this website (not mine) because of

Parse error: syntax error, unexpected T_VARIABLE

May you help me? Is there anything I can do to open the website?

I could view it 2 days ago.

7
Tech Clinic / MY pc is slow and idk....
« on: December 11, 2008, 02:07:43 PM »
Guaranteed-compatible memory upgrades for your HP - Compaq HP-Compaq 06C0 Motherboard Desktop/PC .
Scan Id: 414C57B531D926C3
 
 
Crucial Recommends
Your system configuration

96MB Total

96MB current memory
 64MB
 32MB
 

0 empty slots
 
 
Our suggested upgrades

512MB Total

96MB current memory removed *

512MB new memory added
 *256MB
 *256MB
 
 
 
US $67.98
Part No: CT490161
Qty: 2
US $33.99 ea.

Total Price: US $67.98
 
 

 
 
Your Crucial Scanner Results HP-Compaq 06C0 Motherboard Specifications
 

Currently installed memory:

 
  64MB
SDRAM, PC100
  32MB
SDRAM, PC133

 

Each memory slot can hold SDRAM, PC133 with a maximum of 256MB per slot.*

*Not to exceed manufacturer supported memory.

    * Maximum Memory Capacity:  512MB
    * Currently Installed Memory:  96MB
    * Available Memory Slots:  0
    * Number of Banks:  2
    * Dual Channel Support:   No
    * CPU Manufacturer:  GenuineIntel
    * CPU Family:  Intel Celeron processor Model 8, Stepping 10
    * CPU Speed:  797 MHz
    * The name of this model may not exactly match the model description of your system, our system scanner could not identify a specific model name when evaluating your computer. However, it was able to identify the motherboard your system utilizes.

 

Q: Will my system recognize the maximum upgrade?

A: Possibly

How much memory your Windows OS will recognize depends on which version of Windows you are running. 32-bit versions of Windows will see (and utilize) only 3GB or 3.5GB. To utilize more memory, install a 64-bit version of your OS. More information about OS memory maximums can be found at http://www.crucial.com/kb/answer.aspx?qid=4251.

Q: What memory goes into my computer, and can I mix speeds?

A: SDRAM memory with support for SDRAM, PC133 speeds.

Because SDR memory is backward-compatible, you can safely upgrade your system with any of the guaranteed-compatible SDR speeds listed below.

Q: How much memory can my computer handle?

A: 512MB.

Adding the maximum amount of memory will improve performance and help extend the useful life of your system as you run increasingly demanding software applications in the future.

Q: Do I have to install matching pairs?

A: No.

No, you can install modules one at a time, and you can mix different densities of modules in your computer. But if your computer supports dual-channel memory configurations, you should install in identical pairs (preferably in kits) for optimal performance.

Q: Does my computer support dual-channel memory?

A: No.

Your system does not support dual channel.

Q: Does my computer support ECC memory?

A: No.

Your system does not support ECC. Because ECC and non-ECC modules should not be mixed within a system, install the same type of modules that are already in your system.
 
 

 

8
Tech Clinic / MY pc is slow and idk....
« on: December 11, 2008, 01:23:06 PM »
I have a Compaq Presario 5000

9
Tech Clinic / MY pc is slow and idk....
« on: December 09, 2008, 02:11:10 PM »
Everything is running fairly smooth.  I was just wondering what type and how much memory do you recommend that I get?

10
Tech Clinic / MY pc is slow and idk....
« on: November 25, 2008, 09:35:30 PM »
Yes I ran the ATF cleaner no there is firewall
and as for the RAM it will be a while I am a struggling college student.

Here is the log you requested:

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.0.2195 Service Pack 4

11/25/2008 8:28:39 PM
mbam-log-2008-11-25 (20-28-38).txt

Scan type: Quick Scan
Objects scanned: 47390
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

11
Tech Clinic / MY pc is slow and idk....
« on: November 25, 2008, 08:19:37 PM »
mbam log


Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.0.2195 Service Pack 4

11/25/2008 7:11:38 PM
mbam-log-2008-11-25 (19-11-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 84507
Time elapsed: 50 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Vundo


VundoFix V7.0.6

Scan started at 7:14:17 PM 11/25/2008

Listing files found while scanning....

No infected files were found.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:10 PM, on 11/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINNT\system32\taskmgr.exe
D:\WINNT\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\winnt\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5700 bytes

12
Tech Clinic / MY pc is slow and idk....
« on: November 25, 2008, 03:10:32 PM »
Avira AntiVir Personal
Report file date: Monday, November 24, 2008  22:14

Scanning for 1049308 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows 2000
Windows version:  (Service Pack 4)  [5.0.2195]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    ALICE

Version information:
BUILD.DAT     : 8.2.0.336      16933 Bytes  10/30/2008 11:40:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes   6/26/2008 16:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   5/26/2008 15:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes   6/12/2008 20:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes   5/26/2008 15:58:52
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  10/27/2008 00:25:16
ANTIVIR1.VDF  : 7.1.0.56      411136 Bytes   11/9/2008 00:25:25
ANTIVIR2.VDF  : 7.1.0.124     376832 Bytes  11/23/2008 00:25:29
ANTIVIR3.VDF  : 7.1.0.131      53248 Bytes  11/24/2008 00:25:30
Engineversion : 8.2.0.35  
AEVDF.DLL     : 8.1.0.6       102772 Bytes  10/14/2008 18:05:56
AESCRIPT.DLL  : 8.1.1.15      332156 Bytes  11/25/2008 00:25:53
AESCN.DLL     : 8.1.1.5       123251 Bytes  11/25/2008 00:25:51
AERDL.DLL     : 8.1.1.3       438645 Bytes  11/25/2008 00:25:50
AEPACK.DLL    : 8.1.3.4       393591 Bytes  11/25/2008 00:25:47
AEOFFICE.DLL  : 8.1.0.30      196986 Bytes  11/25/2008 00:25:45
AEHEUR.DLL    : 8.1.0.71     1487222 Bytes  11/25/2008 00:25:43
AEHELP.DLL    : 8.1.2.0       119159 Bytes  11/25/2008 00:25:36
AEGEN.DLL     : 8.1.1.5       323956 Bytes  11/25/2008 00:25:34
AEEMU.DLL     : 8.1.0.9       393588 Bytes  10/14/2008 18:05:56
AECORE.DLL    : 8.1.5.1       172406 Bytes  11/25/2008 00:25:32
AEBB.DLL      : 8.1.0.3        53618 Bytes  10/14/2008 18:05:56
AVWINLL.DLL   : 1.0.0.12       15105 Bytes    7/9/2008 16:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes   5/16/2008 17:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes  11/25/2008 00:25:31
AVREG.DLL     : 8.0.0.1        33537 Bytes    5/9/2008 19:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes   2/12/2008 16:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   6/12/2008 20:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   1/23/2008 01:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   6/12/2008 20:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes   1/25/2008 20:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes   6/12/2008 21:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes   6/27/2008 21:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, November 24, 2008  22:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNo' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winmgmt.exe' - '1' Module(s) have been scanned
Scan process 'stisvc.exe' - '1' Module(s) have been scanned
Scan process 'mstask.exe' - '1' Module(s) have been scanned
Scan process 'regsvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'hidserv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'
D:\pagefile.sys
    [WARNING]   The file could not be opened!
D:\WINNT\system32\aivjibnb.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49a212e8.qua'!
D:\WINNT\system32\aoetvwyv.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '499112f0.qua'!
D:\WINNT\system32\astfqkdb.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49a012f5.qua'!
D:\WINNT\system32\awttr.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49a012fc.qua'!
D:\WINNT\system32\besralse.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499f12ed.qua'!
D:\WINNT\system32\bqefivjv.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499112f9.qua'!
D:\WINNT\system32\bxyxdidl.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49a51301.qua'!
D:\WINNT\system32\cdvbwruc.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49a212ef.qua'!
D:\WINNT\system32\clcplhdv.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '498f12fa.qua'!
D:\WINNT\system32\ddawv.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '498d12f8.qua'!
D:\WINNT\system32\ddcca.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '498f12f9.qua'!
D:\WINNT\system32\dfvwltyc.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49a212fd.qua'!
D:\WINNT\system32\dlfcbeep.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49921304.qua'!
D:\WINNT\system32\dmcegjcn.dll
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE]      The file was moved to '498f1306.qua'!
D:\WINNT\system32\efebxyx.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49911307.qua'!
D:\WINNT\system32\efedd.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48f97810.qua'!
D:\WINNT\system32\efeed.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49911308.qua'!
D:\WINNT\system32\ewhgkael.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '4994131a.qua'!
D:\WINNT\system32\fbgcxcsc.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49931307.qua'!
D:\WINNT\system32\fccaw.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '498f1308.qua'!
D:\WINNT\system32\fccca.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '498f1309.qua'!
D:\WINNT\system32\fccyw.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '48e77f92.qua'!
D:\WINNT\system32\fcyay.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49a5130a.qua'!
D:\WINNT\system32\gdqdwskq.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '499d130d.qua'!
D:\WINNT\system32\gebyw.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '498e130e.qua'!
D:\WINNT\system32\geeed.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '4991130f.qua'!
D:\WINNT\system32\giwbvgue.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49a31313.qua'!
D:\WINNT\system32\heayjpwa.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '498d1311.qua'!
D:\WINNT\system32\honqqgkp.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499a131c.qua'!
D:\WINNT\system32\iesplg.dll
    [DETECTION] Is the TR/Dldr.Zlob.btq.57 Trojan
    [NOTE]      The file was moved to '499f1315.qua'!
D:\WINNT\system32\iiifg.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49951319.qua'!
D:\WINNT\system32\iiihe.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '4995131a.qua'!
D:\WINNT\system32\iiiig.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '48fd7f83.qua'!
D:\WINNT\system32\imxolnyb.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49a41320.qua'!
D:\WINNT\system32\jamdymts.exe
    [DETECTION] Is the TR/Agent.anr.1 Trojan
    [NOTE]      The file was moved to '49991318.qua'!
D:\WINNT\system32\jkhfcbb.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49941323.qua'!
D:\WINNT\system32\jsfffipu.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '4992132b.qua'!
D:\WINNT\system32\jyswseoa.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499f1332.qua'!
D:\WINNT\system32\khfca.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49921323.qua'!
D:\WINNT\system32\khfdd.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48fa7fbc.qua'!
D:\WINNT\system32\khfff.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49921325.qua'!
D:\WINNT\system32\khhhf.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49941324.qua'!
D:\WINNT\system32\kjqtilbd.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499d1326.qua'!
D:\WINNT\system32\ksompbdo.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Click.Small.MW Trojan
    [NOTE]      The file was moved to '499b1330.qua'!
D:\WINNT\system32\lhyqeppl.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49a51326.qua'!
D:\WINNT\system32\ljhiged.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49941328.qua'!
D:\WINNT\system32\ljjkj.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      The file was moved to '49961329.qua'!
D:\WINNT\system32\lwdxqepr.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49901338.qua'!
D:\WINNT\system32\lxqitfki.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499d1339.qua'!
D:\WINNT\system32\maefxmqd.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49911322.qua'!
D:\WINNT\system32\nmhgpgld.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '4994133f.qua'!
D:\WINNT\system32\nnlig.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE]      The file was moved to '49981340.qua'!
D:\WINNT\system32\nnllm.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '48f07fd9.qua'!
D:\WINNT\system32\nnlmn.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49981341.qua'!
D:\WINNT\system32\nnnlj.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '499a1341.qua'!
D:\WINNT\system32\oppmk.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '499c1350.qua'!
D:\WINNT\system32\oppmlki.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48f47fc9.qua'!
D:\WINNT\system32\oppmn.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '499c1351.qua'!
D:\WINNT\system32\oqbbcdjh.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '498e1352.qua'!
D:\WINNT\system32\orwnkwgi.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49a31354.qua'!
D:\WINNT\system32\osqkwpsm.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499d1357.qua'!
D:\WINNT\system32\pmkki.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49971358.qua'!
D:\WINNT\system32\pmklihi.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48ff7fc1.qua'!
D:\WINNT\system32\qaxtcsdx.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49a41350.qua'!
D:\WINNT\system32\qjufcydn.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49a1135c.qua'!
D:\WINNT\system32\qvhxftfy.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '4994136b.qua'!
D:\WINNT\system32\qyqfoxiu.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499d136f.qua'!
D:\WINNT\system32\rqolj.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '499b1370.qua'!
D:\WINNT\system32\rqomj.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '499b1371.qua'!
D:\WINNT\system32\rqomjhf.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48f37fea.qua'!
D:\WINNT\system32\rqonl.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '499b1372.qua'!
D:\WINNT\system32\rqonm.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48f37feb.qua'!
D:\WINNT\system32\rqopo.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '499b1374.qua'!
D:\WINNT\system32\rwkqlhis.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '4997137c.qua'!
D:\WINNT\system32\ryqxfeut.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '499d137e.qua'!
D:\WINNT\system32\scmeamnu.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '4999136b.qua'!
D:\WINNT\system32\snjvxqwd.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49961380.qua'!
D:\WINNT\system32\ssqnk.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '499d138a.qua'!
D:\WINNT\system32\sstqr.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49a0138b.qua'!
D:\WINNT\system32\sstsq.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48c87f14.qua'!
D:\WINNT\system32\ssttq.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49a0138c.qua'!
D:\WINNT\system32\stibolsi.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '4995138d.qua'!
D:\WINNT\system32\sygwclsy.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49931394.qua'!
D:\WINNT\system32\tflpavsh.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49981389.qua'!
D:\WINNT\system32\tusqp.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '499f139c.qua'!
D:\WINNT\system32\tustq.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '499f139d.qua'!
D:\WINNT\system32\tuvsp.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49a2139d.qua'!
D:\WINNT\system32\tuvtq.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49a2139e.qua'!
D:\WINNT\system32\tuvtt.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '48ca7f07.qua'!
D:\WINNT\system32\uediroeo.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '4990138f.qua'!
D:\WINNT\system32\umbfipli.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '498e1399.qua'!
D:\WINNT\system32\urqqq.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '499d13a1.qua'!
D:\WINNT\system32\urspm.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '499f13a1.qua'!
D:\WINNT\system32\uueamvxr.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '499113a6.qua'!
D:\WINNT\system32\vtsro.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '499f13aa.qua'!
D:\WINNT\system32\vtsrpqn.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48f77f33.qua'!
D:\WINNT\system32\vtssq.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '499f13ab.qua'!
D:\WINNT\system32\vturr.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49a113ab.qua'!
D:\WINNT\system32\vtuus.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49a113ac.qua'!
D:\WINNT\system32\vurrjvdd.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499e13ad.qua'!
D:\WINNT\system32\wsepcnif.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '499113c5.qua'!
D:\WINNT\system32\wvurr.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49a113cc.qua'!
D:\WINNT\system32\wvwvt.exe
   
  • Archive type: RSRC

    --> Object
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49a313cd.qua'!
D:\WINNT\system32\xptsuiie.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '49a013c8.qua'!
D:\WINNT\system32\xrkjqbfl.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '499713ca.qua'!
D:\WINNT\system32\xubhjsbk.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '498e13ce.qua'!
D:\WINNT\system32\xxwxy.exe
   
  • Archive type: OVL

    --> Object
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '49a313d1.qua'!
D:\WINNT\system32\yfthvhvj.exe
    [DETECTION] Is the TR/Agent.aoy.1 Trojan
    [NOTE]      The file was moved to '49a013c0.qua'!
D:\WINNT\system32\ymmnmgjb.exe
    [DETECTION] Is the TR/Click.Agent.NP Trojan
    [NOTE]      The file was moved to '499913c7.qua'!
D:\WINNT\Οracle\fast.exe~
    [DETECTION] Is the TR/Dldr.Age.70144.2 Trojan
    [NOTE]      The file was moved to '499f14c0.qua'!


End of the scan: Tuesday, November 25, 2008  09:06
Used time: 10:51:52 Hour(s)

The scan has been done completely.

   3258 Scanning directories
 187794 Files were scanned
    110 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
    110 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 187683 Files not concerned
   3842 Archives were scanned
      1 Warnings
    110 Notes



Also, everything is running relatively smoothly and faster.
My only issue is Firefox; it sometimes plays a stop-and-go game with me.

In other words, it sometimes goes "not responding" for a few seconds and then unfreezes. Besides that, I have no other issue.

13
Tech Clinic / MY pc is slow and idk....
« on: November 24, 2008, 05:30:36 PM »
OTMoveIt3 log

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BJCFD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IPInSightLAN 02 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IPInSightMonitor 02 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\j1241132 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\svchost.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\WINNT\TEMP\winC.tmp.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45B1924-EF5D-4441-834B-058CA202505C}\\ deleted successfully.
 
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_152903


hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:22 PM, on 11/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINNT\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINNT\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINNT\system32\msiexec.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\winnt\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5687 bytes


14
Tech Clinic / MY pc is slow and idk....
« on: November 24, 2008, 03:29:01 PM »
Here are the two logs:

info log

info.txt logfile of random's system information tool 1.04 2008-11-24 14:20:21

======Uninstall list======

-->"D:\Program Files\SBC Yahoo!\umuninst.exe" /S
-->"D:\WINNT\..\Program Files\SBC Yahoo!\Connection Manager\uninst.exe"
-->D:\PROGRA~1\Yahoo!\browser\unyb.exe
-->D:\PROGRA~1\Yahoo!\Common\unwise.exe /S D:\PROGRA~1\Yahoo!\Common\install.log
-->D:\PROGRA~1\Yahoo!\Common\unybase.exe
-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-->D:\PROGRA~1\Yahoo!\PARENT~1\unypc.exe /S
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\yaddbook.dll
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\ylogin.dll
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\ymmapi.dll
-->D:\WINNT\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
-->regsvr32 /s /u D:\PROGRA~1\Yahoo!\Common\YCOMP5~1.DLL
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
Adobe Flash Player 9 ActiveX-->D:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitTorrent 5.0.7-->"D:\Program Files\BitTorrent\uninstall.exe"
Blender (remove only)-->"I:\Program Files\Blender Foundation\Blender\uninstall.exe"
BroadJump Client Foundation-->D:\WINNT\IsUninst.exe -f"D:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"D:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
DirectX 8.1 Hotfix - KB839643-->D:\WINNT\$NtUninstallKB839643-DirectX81$\spuninst\spuninst.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HOT ALBUM MYBOX-->D:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
Hotfix for MDAC 2.53 (KB927779)-->"D:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
hp deskjet 3320 series (Remove only)-->D:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
hp deskjet 3320 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 3320 series
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LimeWire 4.12.6-->"I:\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MyChanger-->D:\WINNT\unvise32.exe D:\Program Files\Codeuber\MyChanger\uninstal.log
MySpaceIM-->D:\Program Files\MySpace\IM\Uninstall.exe
NCH Tone Generator Uninstall-->D:\Program Files\NCH Swift Sound\ToneGen\uninst.exe
OIN-->"D:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
Pdf995-->D:\Program Files\pdf995\setup.exe uninstall
PhoTags Express -->D:\PROGRA~1\PHOTAG~1\Setup.exe /remove
SBC Yahoo! Applications-->D:\Program Files\SBC Yahoo!\UninstallManager.exe
Security Update for Windows 2000 (KB904706)-->"D:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689)-->"D:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"D:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"D:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"D:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Spybot - Search & Destroy 1.4-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
TaxCut Deluxe 2005-->D:\PROGRA~1\TaxCut05\Program\removetc.exe
TaxCut Premium 2006-->D:\PROGRA~1\TaxCut06\Program\removetc.exe
TaxCut Premium 2007-->MsiExec.exe /X{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}
Update Rollup 1 for Windows 2000 SP4-->"D:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Visual IP InSight(SBC)-->D:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
WavePad Uninstall-->D:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp (remove only)-->"D:\Program Files\Winamp\UninstWA.exe"
Windows 2000 Hotfix - KB833407-->D:\WINNT\$NtUninstallKB833407$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB842773-->D:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB893756-->"D:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"D:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"D:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"D:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"D:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"D:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"D:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"D:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"D:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"D:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"D:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"D:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"D:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"D:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"D:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"D:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"D:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914389-->"D:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"D:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917422-->"D:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917736-->"D:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917953-->"D:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"D:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"D:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"D:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"D:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"D:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"D:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"D:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923414-->"D:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923694-->"D:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"D:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924191-->"D:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"D:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"D:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925486-->"D:\WINNT\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"D:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"D:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928090-->"D:\WINNT\$NtUninstallKB928090-IE6SP1-20070125.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"D:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB929969-->"D:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"D:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"D:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB932168-->"D:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows Media Player Hotfix [See Q828026 for more information]-->D:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows Media Player system update (9 Series)-->D:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=080a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------



And here is the log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Chris at 2008-11-24 14:20:03
Microsoft Windows 2000 Professional Service Pack 4
System drive D: has 5 GB (48%) free of 10 GB
Total RAM: 95 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:15 PM, on 11/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
D:\Documents and Settings\Chris\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C45B1924-EF5D-4441-834B-058CA202505C} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [j1241132] rundll32 D:\WINNT\system32\j1241132.dll sook
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [MBBalloon] D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - D:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\winnt\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{72B0EA04-701B-49FB-82CF-BAB48FF073EA}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5689 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll [2003-06-20 209489]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - d:\program files\google\googletoolbar2.dll [2008-01-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45B1924-EF5D-4441-834B-058CA202505C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - D:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll [2003-06-20 209489]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - D:\WINNT\system32\msdxm.ocx [2005-03-31 844560]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - d:\program files\google\googletoolbar2.dll [2008-01-06 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"BJCFD"=D:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
"IPInSightLAN 02"=D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe [2003-06-11 380928]
"IPInSightMonitor 02"=D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [2003-06-11 122880]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263]
"HPDJ Taskbar Utility"=D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-03 188416]
"j1241132"=rundll32 D:\WINNT\system32\j1241132.dll sook []
"SManager"=smanager.7.exe []
"smgr"=smgr.exe []
"MBBalloon"=D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [2006-12-15 787096]
"avgnt"=D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost.exe"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINNT\system32\ctfmon.exe [2001-02-20 8192]
"Uniblue RegistryBooster 2"=D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-01-06 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau]
D:\WINNT\system32\nwprovau.dll [2006-08-31 140048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe"="D:\DOCUME~1\Admin\LOCALS~1\Temp\win452.tmp.exe:*:Enabled:win452.tmp"
"D:\WINNT\TEMP\winC.tmp.exe"="D:\WINNT\TEMP\winC.tmp.exe:*:Enabled:winC.tmp"
"ntdll.dll"="D:\DOCUME~1\Admin\LOCALS~1\Temp\win76C.tmp.exe:*:Enabled:win76C.tmp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-24 14:20:03 ----D---- D:\rsit
2008-11-24 11:22:19 ----D---- D:\Avenger
2008-11-24 11:22:19 ----A---- D:\avenger.txt
2008-11-23 20:52:53 ----D---- D:\Documents and Settings\Chris\Application Data\Malwarebytes
2008-11-23 20:38:22 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-23 20:38:09 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 18:08:39 ----D---- D:\Program Files\Avira
2008-11-22 18:08:39 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2008-11-22 17:53:38 ----D---- D:\Program Files\Trend Micro
2008-11-22 17:43:07 ----A---- D:\WINNT\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2008-11-24 14:20:07 ----AD---- D:\WINNT\system32
2008-11-24 14:18:09 ----D---- D:\Program Files\Mozilla Firefox
2008-11-24 11:22:19 ----D---- D:\WINNT
2008-11-24 11:20:08 ----RAD---- D:\Program Files
2008-11-24 08:52:14 ----A---- D:\WINNT\SchedLgU.Txt
2008-11-24 01:43:12 ----HD---- D:\WINNT\inf
2008-11-24 01:43:09 ----AD---- D:\WINNT\Temp
2008-11-23 20:38:51 ----AD---- D:\WINNT\system32\drivers
2008-11-23 20:07:42 ----AD---- D:\WINNT\Debug
2008-11-23 20:04:48 ----SHD---- D:\WINNT\CSC
2008-11-22 20:05:13 ----AC---- D:\WINNT\system32\dfrg.msc
2008-11-22 19:43:29 ----SHD---- D:\WINNT\Installer
2008-11-22 19:08:20 ----D---- D:\WINNT\system32\NtmsData
2008-11-22 17:41:29 ----RASHDC---- D:\WINNT\system32\dllcache
2008-11-22 17:40:47 ----AD---- D:\WINNT\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; D:\WINNT\system32\drivers\Cdr4_2K.sys [2006-11-17 58000]
R1 Cdralw2k;Cdralw2k; D:\WINNT\system32\drivers\Cdralw2k.sys [2006-11-17 23420]
R3 FA311;Netgear FA311 NDIS 5.0 Miniport Driver; D:\WINNT\system32\DRIVERS\FA311ND5.SYS [2000-02-28 21728]
R3 uhcd;Microsoft USB Universal Host Controller Driver; D:\WINNT\system32\DRIVERS\uhcd.sys [2003-07-04 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINNT\system32\DRIVERS\usbhub.sys [2003-07-04 40176]
S1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S1 avipbb;avipbb; D:\WINNT\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
S1 kbdhid;Keyboard HID Driver; D:\WINNT\system32\DRIVERS\kbdhid.sys [1999-10-04 13744]
S1 ssmdrv;ssmdrv; D:\WINNT\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
S2 Atmuni;ATM Call Manager; D:\WINNT\system32\DRIVERS\atmuni.sys [2003-07-04 331088]
S2 HidUsb;Microsoft HID Class Driver; D:\WINNT\system32\DRIVERS\hidusb.sys [1999-10-04 13904]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; D:\WINNT\system32\DRIVERS\nwlnkipx.sys [2003-07-04 91408]
S2 NwlnkNb;NWLink NetBIOS; D:\WINNT\system32\DRIVERS\nwlnknb.sys [2003-07-04 65520]
S2 NwlnkSpx;NWLink SPX/SPXII Protocol; D:\WINNT\system32\DRIVERS\nwlnkspx.sys [2003-07-04 58480]
S2 Rawwan;RAW WAN Driver; D:\WINNT\system32\DRIVERS\rawwan.sys [2003-07-04 35024]
S3 allegro;ESS Allegro Audio Driver (WDM); D:\WINNT\system32\drivers\es198x.sys [2002-05-08 189568]
S3 AtmElan;ATM Emulated LAN; D:\WINNT\system32\DRIVERS\atmlane.sys [2003-07-04 48496]
S3 AtmLane;ATM LAN Emulation; D:\WINNT\system32\DRIVERS\atmlane.sys [2003-07-04 48496]
S3 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 ccdecode;Closed Caption Decoder; D:\WINNT\system32\drivers\ccdecode.sys [1999-10-04 13232]
S3 DLKRCB;D-Link DFE-690TXD CardBus PC Card; D:\WINNT\system32\DRIVERS\DLKRCB.SYS [2001-10-15 25434]
S3 eni25p;Efficient Networks ENI-25P ATM Driver; D:\WINNT\system32\DRIVERS\eni25p.sys [1999-09-24 51152]
S3 i81x;i81x; D:\WINNT\system32\DRIVERS\i81xnt5.sys [2003-06-19 68336]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; D:\WINNT\system32\drivers\msmpu401.sys [1999-09-25 2832]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINNT\system32\drivers\MSTEE.sys [2003-06-19 5168]
S3 NWRDR;NetWare Rdr; D:\WINNT\system32\DRIVERS\nwrdr.sys [2006-08-31 161520]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINNT\System32\Drivers\RootMdm.sys [2003-07-04 6032]
S3 SQTECH905C;DualCamera; D:\WINNT\System32\Drivers\Capt905c.sys [2005-03-24 38937]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINNT\system32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 USBSTOR;USB Mass Storage Driver; D:\WINNT\system32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINNT\System32\drivers\ws2ifsl.sys [2003-07-04 12016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S2 HidServ;HID Input Service; D:\WINNT\system32\hidserv.exe [2003-06-19 19728]
S2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 NWCWorkstation;Client Service for NetWare; D:\WINNT\system32\services.exe [2005-04-08 92944]
S2 StiSvc;Still Image Service; D:\WINNT\system32\stisvc.exe [2003-07-04 61712]
S3 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-06 138168]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WmdmPmSN;Portable Media Serial Number Service; D:\WINNT\System32\svchost.exe [2003-07-04 7952]

-----------------EOF-----------------

15
Tech Clinic / MY pc is slow and idk....
« on: November 24, 2008, 12:35:52 PM »
Here is the log:

Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.0.2195 Service Pack 4

11/24/2008 11:20:10 AM
mbam-log-2008-11-24 (11-20-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 106293
Time elapsed: 28 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 33
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 82

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINNT\system32\ssqpo.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINNT\system32\pmnmlii.dll (Trojan.Vundo.H) -> Delete on reboot.
D:\WINNT\system32\indwvm.dll (Trojan.Zlob) -> Delete on reboot.
d:\WINNT\system32\rqrrstq.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gplv3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{08c134d3-087c-4139-a98c-3a078358dfde} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{31615d5c-5126-448a-818a-a7cdfee85a9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{25b7d2fd-4f71-46d1-801a-7de323e4ec82} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: d:\winnt\system32\rqrrstq.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\rqrrstq.dll -> Quarantined and deleted successfully.

Folders Infected:
D:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
D:\Program Files\WinPop (Adware.WinPop) -> Quarantined and deleted successfully.

Files Infected:

16
Tech Clinic / MY pc is slow and idk....
« on: November 22, 2008, 09:22:59 PM »
i am getting buffer overrun errors
no disk errors

and my pc is running like real slow

i can't open hijack this
or avira or virus protection


please help me

17
Tech Clinic / Flash Player
« on: September 23, 2008, 12:58:55 AM »
i don't think i have one i am going to just use a pci slot

18
Tech Clinic / Flash Player
« on: September 20, 2008, 07:45:59 PM »
thanks
my only problem is firefox is slow at times
maybe i should just upgrade to a new video card
any suggestion of a cheap good card i can use

19
Tech Clinic / Flash Player
« on: September 16, 2008, 03:52:38 PM »
yea sure i won't mind trying the workaround

anything to save a few extra bucks lol

20
Tech Clinic / Flash Player
« on: September 15, 2008, 05:47:18 PM »
all of the videos on youtube

and also just as a wonder could i
just replace the video card from another
hp pc

or must i buy a new one
