Jump to content


Photo

Malware Detected & Quarantined - Need Help


  • This topic is locked This topic is locked
11 replies to this topic

#1 Lazgunx

Lazgunx

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 06 March 2011 - 10:19 PM

Hello,

I'm new to this forum and process, so please forgive or redirect me if I am not doing something properly.

Ran a full Ad-aware scan two days ago which detected 3 serious items. They were quarantined. I followed the instructions here on the support forum, downloaded the additional apps recommended, did those scans, & got the OTL & Extras logs etc. Since you advised me to do another scan after I performed these actions, the new logs do not show what was originally detected & quarantined, I suppose because they were placed in quarantine on the original scan. I did an export on the original scan log I got from the first scan and will include those 3 items here just so you can see what was found. (Don't know if this is necessary).

Trojan.Win32.Generic!BT
Trojan.Win32.Generic!BT

ZUGO(fs)

I do not know how to proceed from here to get these items cleaned or what to do next. Did some research and do know that the ZUGO(fs) item pertains to XVID-setup-dm-9.exe, but have no idea about the others. Please help.

Ok, per the instructions here are the contents of the OTL and Extras file.

Thanks in advance for your help in identifying and helping me get rid of these items.

OTL logfile created on: 3/5/2011 6:58:44 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Ricky\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 17.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 54.92 Gb Free Space | 38.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RICKY1 | User Name: Ricky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ricky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcccoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ricky\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)
MOD - C:\Program Files\X-Setup Pro\bin\MSScript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LogWatch) -- File not found
SRV - (CA_LIC_SRVR) -- File not found
SRV - (CA_LIC_CLNT) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ()
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (usb2vcom) -- C:\WINDOWS\system32\drivers\usb2vcom.sys (USB World)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (XIRLINK) -- C:\WINDOWS\system32\drivers\ucdnt.sys (Xirlink, Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispira...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispira...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispira...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispira...ysuche_us.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}:1.0.6.0
FF - prefs.js..extensions.enabledItems: {DED5FCB2-18A8-4204-9D15-C1EB07D30811}:1.0.0.5
FF - prefs.js..extensions.enabledItems: {6348F59F-2D20-4A5C-A0A6-553DCFB33926}:1.0.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..keyword.URL: "http://search.yahoo....type=867034&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2008/11/03 05:51:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 08:42:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/07 17:32:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/18 06:02:11 | 000,000,000 | ---D | M]

[2008/08/27 06:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Extensions
[2011/03/04 16:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\qflmtqxm.default\extensions
[2010/07/05 16:46:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\qflmtqxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/05 16:46:05 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\qflmtqxm.default\extensions\{6348F59F-2D20-4A5C-A0A6-553DCFB33926}
[2008/09/02 10:31:26 | 000,000,000 | ---D | M] (eBay Contextmenu) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\qflmtqxm.default\extensions\{DED5FCB2-18A8-4204-9D15-C1EB07D30811}
[2010/07/05 16:46:05 | 000,000,000 | ---D | M] (Buyertools) -- C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\qflmtqxm.default\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
[2011/03/04 16:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/23 16:43:03 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Program Files\Mozilla Firefox\extensions\{6348F59F-2D20-4A5C-A0A6-553DCFB33926}
[2006/05/23 16:43:03 | 000,000,000 | ---D | M] (eBay Kontextmenü) -- C:\Program Files\Mozilla Firefox\extensions\{DED5FCB2-18A8-4204-9D15-C1EB07D30811}
[2006/05/23 16:43:04 | 000,000,000 | ---D | M] (Buyertools) -- C:\Program Files\Mozilla Firefox\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
[2010/12/17 08:42:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2009/01/02 19:22:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/02/24 07:50:42 | 000,431,432 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 127.0.0.1 17-plus.com
O1 - Hosts: 127.0.0.1 www.1800searchonline.com
O1 - Hosts: 127.0.0.1 1800searchonline.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 14852 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (metaspinner GmbH) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Program Files\Buyertools Reminder\IEButtonBuyertoolsInterface.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Ricky\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm ()
O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm ()
O8 - Extra context menu item: eBay - Advanced Search - C:\Program Files\Buyertools Reminder\SearchEbaypower.htm ()
O8 - Extra context menu item: eBay - Homepage - C:\Program Files\Buyertools Reminder\SearchEbay.htm ()
O8 - Extra context menu item: eBay - My eBay - C:\Program Files\Buyertools Reminder\SearchEbaymein.htm ()
O8 - Extra context menu item: eBay Start Search - C:\Program Files\Buyertools Reminder\SearchEbay.htm ()
O8 - Extra context menu item: Google Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm ()
O8 - Extra context menu item: Google Start Search - C:\Program Files\Buyertools Reminder\SearchGoogle.htm ()
O9 - Extra Button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.char...in/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261023547265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1261023536046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} http://adweb.music-e...p...&ptx=mratdl (MidRadioCtrl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\text/x-mrml {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\MidRadio.ocx (YAMAHA CORPORATION)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\I See You Coming.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\I See You Coming.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 18:52:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
[2011/03/05 15:25:22 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\TFC.exe
[2011/02/18 08:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Desktop\SPUDownloadManager
[2011/02/18 06:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Local Settings\Application Data\Temp
[2011/02/18 05:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/02/16 11:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Darts
[2011/02/15 19:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Search Settings
[2011/02/15 19:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Video Converter
[2011/02/15 19:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2011/02/15 19:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Start Menu\Programs\Games
[2011/02/15 01:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Application Data\WinRAR
[2011/02/15 01:34:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2011/02/15 00:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\My Documents\Gygan Downloads
[2011/02/15 00:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Application Data\Gygan
[2011/02/15 00:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2011/02/15 00:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Local Settings\Application Data\Xenocode
[2011/02/15 00:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gygan BETA
[2011/02/15 00:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Gygan BETA
[2011/02/13 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Software
[2011/02/13 22:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Photo Software
[2011/02/13 20:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Application Data\WellCraftedMemoryGame
[2011/02/13 20:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\WellCraftedMemoryGame
[2006/12/20 16:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
[2006/12/20 16:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
[2006/05/09 18:02:33 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/05/09 17:59:30 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/03/05 18:52:14 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
[2011/03/05 18:20:01 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/03/05 15:41:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/05 15:36:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/05 15:35:56 | 000,193,396 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/05 15:35:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/05 15:35:09 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 15:34:26 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/03/05 15:34:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/03/05 15:34:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/03/05 15:34:25 | 000,054,680 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/03/05 15:34:25 | 000,054,680 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/03/05 15:25:23 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\TFC.exe
[2011/03/05 12:27:22 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/03/05 08:58:17 | 107,840,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/04 14:44:21 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/01 15:07:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/24 07:50:42 | 000,431,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/24 03:39:38 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Ricky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 08:40:33 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Exporter for WALKMAN.lnk
[2011/02/18 08:37:28 | 000,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/02/18 06:25:43 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\Ricky\default.pls
[2011/02/18 05:56:02 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/18 05:45:30 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Ricky\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2011/02/18 05:45:04 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Handycam Utility.lnk
[2011/02/15 19:30:04 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\Free Video Converter.lnk
[2011/02/15 00:58:25 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gygan.lnk
[2011/02/13 20:59:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/13 20:59:17 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\Shortcut to 2009 Tax Tables.pdf.lnk
[2011/02/13 20:59:17 | 000,000,434 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\Shortcut to R_L.jpg.lnk
[2011/02/13 20:23:26 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\MemoryGame.lnk
[2011/02/13 13:22:09 | 000,217,841 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/02/09 16:55:59 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/09 16:19:02 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 14:16:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 11:47:15 | 000,431,198 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110224-075042.backup
[2011/02/08 06:55:21 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

========== Files Created - No Company Name ==========

[2011/02/18 08:40:33 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Exporter for WALKMAN.lnk
[2011/02/18 08:37:28 | 000,001,829 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk
[2011/02/18 05:56:02 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/18 05:56:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/18 05:45:30 | 000,001,941 | ---- | C] () -- C:\Documents and Settings\Ricky\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2011/02/15 19:30:04 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\Free Video Converter.lnk
[2011/02/15 00:58:25 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gygan.lnk
[2011/02/13 20:59:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/13 20:59:17 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\Shortcut to 2009 Tax Tables.pdf.lnk
[2011/02/13 20:59:17 | 000,000,434 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\Shortcut to R_L.jpg.lnk
[2011/02/13 20:23:26 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\MemoryGame.lnk
[2010/12/19 19:47:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/11/10 00:08:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/04/28 04:23:57 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2009/04/28 04:23:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2009/03/08 14:48:43 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/01 21:59:08 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2009/02/01 21:59:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2009/02/01 21:59:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2009/02/01 21:59:07 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2009/02/01 21:59:07 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2009/02/01 21:59:07 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2009/02/01 21:59:07 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2009/02/01 21:59:07 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2009/02/01 21:59:07 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2009/02/01 21:59:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2009/02/01 21:59:07 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2009/02/01 21:59:07 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2009/02/01 21:59:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2009/02/01 21:59:07 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2009/02/01 21:59:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2009/02/01 21:59:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2009/02/01 21:59:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2009/02/01 21:59:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2009/02/01 21:59:06 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2009/02/01 21:59:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2009/02/01 21:59:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2009/02/01 21:59:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/02/09 09:45:59 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008/02/09 09:13:16 | 000,000,098 | ---- | C] () -- C:\WINDOWS\CTWave32.ini
[2007/11/25 19:33:30 | 000,001,462 | ---- | C] () -- C:\Documents and Settings\Ricky\Application Data\filterclsid.dat
[2007/11/24 00:37:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/11/24 00:36:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/04/11 18:17:00 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2007/02/07 12:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
[2007/01/27 01:27:23 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/20 00:40:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/24 04:29:22 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\tifnydec.dll
[2006/11/24 04:29:22 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\tdecode.dll
[2006/11/24 04:29:22 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\TWBCust.dll
[2006/09/26 21:56:16 | 000,000,087 | ---- | C] () -- C:\WINDOWS\MovieEdit.INI
[2006/07/02 22:52:47 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/06/23 18:46:06 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/06/23 18:46:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/05/20 23:04:36 | 000,000,662 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2006/05/20 21:45:09 | 000,005,729 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/05/20 21:45:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006/05/20 18:15:33 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Ricky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/19 19:47:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/19 19:47:24 | 000,002,471 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/16 17:56:43 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/05/15 19:01:09 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2006/05/15 18:32:18 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Ricky\Application Data\dvd.bmk
[2006/05/13 05:24:37 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006/05/13 02:59:10 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/05/13 02:59:10 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/05/13 02:59:08 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2006/05/13 02:59:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2006/05/13 02:59:08 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2006/05/13 02:59:03 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2006/05/12 22:31:10 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/12 01:04:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/11 18:59:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Ricky\Local Settings\Application Data\fusioncache.dat
[2006/05/09 18:26:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/09 18:23:49 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/09 18:02:33 | 000,366,255 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/05/09 18:02:33 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/05/09 18:02:33 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/05/09 17:59:30 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/05/09 17:59:30 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/05/09 17:59:30 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/05/09 17:59:30 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/05/09 17:59:30 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/05/09 17:59:30 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/05/09 17:59:30 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/05/09 17:59:30 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/05/09 17:59:30 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/09 17:59:28 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/05/09 17:58:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/09 17:58:06 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/10 02:06:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 02:06:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/12/10 02:06:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 02:06:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/12/10 02:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 02:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 02:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 02:06:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/12/10 02:06:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/10 02:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,447,056 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,074,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/01 11:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/30 09:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/30 08:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/02/01 21:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/09/30 09:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/10/21 18:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/09/30 08:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/07/02 22:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2008/04/24 01:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/09 16:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/31 20:33:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/30 10:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\AVG10
[2007/11/19 20:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\BonkEnc
[2006/05/15 19:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Cakewalk
[2010/06/13 17:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Facebook
[2009/10/05 01:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\GenJ
[2011/02/15 23:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\GetRightToGo
[2011/02/15 00:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Gygan
[2009/04/30 02:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\ImgBurn
[2008/08/15 17:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\NewsLeecher
[2006/07/02 22:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Otto
[2009/09/08 08:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Pool Rebel
[2007/11/24 00:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Samsung
[2009/07/12 15:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Scrabble Plus
[2010/08/24 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\Smart Recorder
[2011/02/13 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\WellCraftedMemoryGame
[2010/01/30 06:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Application Data\WellCraftedWhiteBoard
[2011/03/05 15:41:57 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/03/05 18:20:01 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2008/05/27 00:13:45 | 000,000,106 | ---- | M] () -- C:\WINDOWS\Tasks\UPS System Shutdown Program.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\WINDOWS\ODBCINST.INI:hii
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592EFD93

< End of report >

OTL Extras logfile created on: 3/5/2011 6:58:44 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Ricky\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 17.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 54.92 Gb Free Space | 38.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RICKY1 | User Name: Ricky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader 2
"3928:TCP" = 3928:TCP:*:Enabled:Usenet Monster
"3928:UDP" = 3928:UDP:*:Enabled:Usenet Monster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe" = C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe" = C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe" = C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor
"C:\Program Files\NewsLeecher\newsLeecher.exe" = C:\Program Files\NewsLeecher\newsLeecher.exe:*:Enabled:NewsLeecher -- ()
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Ricky\Local Settings\Temp\Blizzard Launcher Temporary - ef0c0fe8\Launcher.exe" = C:\Documents and Settings\Ricky\Local Settings\Temp\Blizzard Launcher Temporary - ef0c0fe8\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Documents and Settings\Ricky\Local Settings\Temp\Blizzard Launcher Temporary - cc608fd8\Launcher.exe" = C:\Documents and Settings\Ricky\Local Settings\Temp\Blizzard Launcher Temporary - cc608fd8\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Dungeon Siege\DungeonSiege.exe" = C:\Program Files\Microsoft Games\Dungeon Siege\DungeonSiege.exe:*:Enabled:Dungeon Siege Game Executable
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe" = C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F45C0EC-17A4-4EE9-874D-A88757BD6C09}" = CapMan
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{3AD2B7F1-50DA-402D-BBB9-94BB7FEF8CD4}_is1" = Darts v1.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{451964DF-5EAB-4602-A0A6-7DC57A71E5FC}" = PMB Launcher
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{583E1EDA-3AC5-4967-B31C-09DA024D2ADA}" = PMB Exporter for WALKMAN
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}" = Charter High Speed Internet Self-Installation Wizard
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BB63E23-9041-4103-86DD-B3E850F2DDFA}}_is1" = FotoMorph version 13.1.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{714DAA5E-803F-44A2-8512-64F26E681030}_is1" = Gygan
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75B4F73F-4EB1-4126-AE4B-639F3CE6E411}" = Sony Ericsson Mobile Phone Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AA828F3-BD67-495E-9742-BD9C3F196E78}" = PC Suite
"{7E8BA95A-B058-407A-A4D4-610C6E9C1ED5}" = Buyertools Reminder
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8D2B09E2-6B04-4960-B780-4B0CE90780EE}" = LightScribe 1.4.39.1
"{8D827786-90E8-44BC-B97A-E5CECB9E761E}" = CompUSA PC Camera
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8DEC2AF-5754-4E36-9C5D-0451DC5DD332}" = Samsung PC Studio 3
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B813681D-5C5B-4B84-84EE-670E843F6F79}" = Game Cam Lite
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Absolute Video Splitter Joiner_is1" = Absolute Video Splitter Joiner 1.6.5
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Auctioneer" = Auctioneer AddOns
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AVG" = AVG 2011
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"DivX Setup.divx.com" = DivX Setup
"DOC to JPG Converter_is1" = DOC to JPG Converter 1.0.0.6
"DreamStation DXi2" = DreamStation DXi2
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.2.2
"DVD Knife_is1" = DVD Knife 3.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Free Video Converter_is1" = Free Video Converter V 1.0
"GenealogyJ 2.4.5" = GenealogyJ 2.4.5
"GoToAssist" = GoToAssist 8.0.0.514
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"IrfanView" = IrfanView (remove only)
"iWinArcade" = iWin Games (remove only)
"MAGIX Media Manager silver" = MAGIX Media Manager silver
"MAGIX Movie Edit Pro 11 e-version US" = MAGIX Movie Edit Pro 11 e-version (US)
"MAGIX music studio 2005 deLuxe" = MAGIX music studio 2005 deLuxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemoryGame" = MemoryGame 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MidRadio Player" = YAMAHA MidRadio Player
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NewsLeecher" = NewsLeecher
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PaperPort 6.5" = PaperPort 6.5
"PROSet" = Intel® PRO Network Connections Drivers
"QuickPar" = QuickPar 0.9
"Registry Mechanic_is1" = Registry Mechanic 6.0
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Scrabble Plus 1.00" = Scrabble Plus 1.00
"Simple Family Tree" = Simple Family Tree (remove only)
"ST6UNST #1" = MyYahtzee by Darren Sever
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UI Central" = UI Central 1.0.6.2
"Visioneer 4400 Scanner" = Visioneer 4400 Scanner
"VST Bridge_is1" = VST Bridge 1.1
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WhiteBoard" = WhiteBoard 2.0
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winpcap-nmap" = winpcap-nmap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xqdcXSP_is1" = XQDC X-Setup Pro 8.1.100
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2011 6:12:13 AM | Computer Name = RICKY1 | Source = Application Error | ID = 1000
Description = Faulting application freevideoconverter.exe, version 1.0.0.0, faulting
module videoc~1.ocx, version 1.0.0.1, fault address 0x002d23f4.

[ IntelDH Events ]
Error - 5/13/2006 5:00:23 AM | Computer Name = RICKY1 | Source = IntelQRTD | ID = 5
Description = Intel® Viiv™ Technology system not detected. Reason: Failed
Intel® Viiv™ Technology system check.

[ System Events ]
Error - 3/5/2011 5:29:02 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/5/2011 5:29:02 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 3/5/2011 5:29:03 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/5/2011 5:29:03 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 3/5/2011 5:29:03 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7034
Description = The Intel® Quick Resume Technology Drivers service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/5/2011 5:29:05 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7034
Description = The dlcc_device service terminated unexpectedly. It has done this
1 time(s).

Error - 3/5/2011 5:29:06 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7034
Description = The NMIndexingService service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/5/2011 5:35:27 PM | Computer Name = RICKY1 | Source = UPS | ID = 2482
Description = The UPS service could not access the specified Comm Port.

Error - 3/5/2011 5:35:30 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error:
%%3

Error - 3/5/2011 5:35:30 PM | Computer Name = RICKY1 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2482


< End of report >

#2 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 07 March 2011 - 06:50 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 Lazgunx

Lazgunx

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 07 March 2011 - 09:21 AM

Thank you. Per your instructions, I have zipped and uploaded the Attach.txt file and will add the DDS.txt file here. Please let me know if I did anything incorrectly or need to resend anything.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ricky at 1:56:34.31 on Mon 03/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.981 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ricky\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: metaspinner GmbH: {7c7a8947-5935-4430-ac0e-e7d04697414e} - c:\progra~1\buyert~1\IEBUTT~2.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\ricky\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE:
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: amazon Search - c:\program files\buyertools reminder\Searchamazon.htm
IE: amazon Start Search - c:\program files\buyertools reminder\Searchamazon.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: eBay - Advanced Search - c:\program files\buyertools reminder\SearchEbaypower.htm
IE: eBay - Homepage - c:\program files\buyertools reminder\SearchEbay.htm
IE: eBay - My eBay - c:\program files\buyertools reminder\SearchEbaymein.htm
IE: eBay Start Search - c:\program files\buyertools reminder\SearchEbay.htm
IE: Google Search - c:\program files\buyertools reminder\SearchGoogle.htm
IE: Google Start Search - c:\program files\buyertools reminder\SearchGoogle.htm
IE: {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - c:\program files\buyertools reminder\ReminderIE.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261023547265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261023536046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} - hxxp://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\yamaha\midradio player\MidRadio.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ricky\applic~1\mozilla\firefox\profiles\qflmtqxm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ricky\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\ricky\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: eBay-Startcenter: {6348F59F-2D20-4A5C-A0A6-553DCFB33926} - c:\program files\mozilla firefox\extensions\{6348F59F-2D20-4A5C-A0A6-553DCFB33926}
FF - Ext: eBay Kontextmenü: {DED5FCB2-18A8-4204-9D15-C1EB07D30811} - c:\program files\mozilla firefox\extensions\{DED5FCB2-18A8-4204-9D15-C1EB07D30811}
FF - Ext: Buyertools: {E843EA9A-B51C-4CAE-93B9-BBE52D0C4551} - c:\program files\mozilla firefox\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: eBay-Startcenter: {6348F59F-2D20-4A5C-A0A6-553DCFB33926} - %profile%\extensions\{6348F59F-2D20-4A5C-A0A6-553DCFB33926}
FF - Ext: eBay Contextmenu: {DED5FCB2-18A8-4204-9D15-C1EB07D30811} - %profile%\extensions\{DED5FCB2-18A8-4204-9D15-C1EB07D30811}
FF - Ext: Buyertools: {E843EA9A-B51C-4CAE-93B9-BBE52D0C4551} - %profile%\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-8 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1405384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 LogWatch;Event Log Watch;"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [?]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [?]
S3 CA_LIC_SRVR;CA License Server;"c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe" --> c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [?]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2006-5-16 15104]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2007-4-21 28704]
S3 XIRLINK;CompUSA PC Camera;c:\windows\system32\drivers\ucdnt.sys [2006-5-13 805808]
.
=============== Created Last 30 ================
.
2011-02-18 12:03:49 -------- d-----w- c:\docume~1\ricky\locals~1\applic~1\Temp
2011-02-16 17:50:39 -------- d-----w- c:\program files\Darts
2011-02-16 01:30:28 -------- d-----w- c:\program files\Search Settings
2011-02-16 01:30:02 -------- d-----w- c:\program files\Free Video Converter
2011-02-15 07:34:45 -------- d-----w- c:\windows\XSxS
2011-02-15 06:58:33 -------- d-----w- c:\docume~1\ricky\applic~1\Gygan
2011-02-15 06:58:30 -------- d-----w- c:\program files\Xenocode
2011-02-15 06:58:30 -------- d-----w- c:\docume~1\ricky\locals~1\applic~1\Xenocode
2011-02-15 06:58:19 -------- d-----w- c:\program files\Gygan BETA
2011-02-14 04:12:47 -------- d-----w- c:\program files\Digital Photo Software
2011-02-14 02:23:29 -------- d-----w- c:\docume~1\ricky\applic~1\WellCraftedMemoryGame
2011-02-14 02:23:26 -------- d-----w- c:\program files\WellCraftedMemoryGame
.
==================== Find3M ====================
.
2011-02-08 12:55:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 2:03:59.35 ===============

Attached Files



#4 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 07 March 2011 - 09:57 AM

Hi again,


Uninstall your current Adobe shockwave player and get the fresh one here if needed.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
You should also update Firefox.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.
Post back its report & a fresh dds.txt log. Any symptoms?
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#5 Lazgunx

Lazgunx

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 08 March 2011 - 03:14 AM

Hello again,

All tasks you specified have been completed. Will copy new DDS log below and have uploaded the new Attach.zip file. ESET did not provide a formal "log", it just returned "No Threats Found." ESET did request one thing you didn't specify and I was a little hesitant, but went ahead and downloaded/installed a file called called "onlinescanner.cab".

Couple of comments/questions since I'm not sure what stage we're at on this problem/issue. Please bear with me. :)

- My PC really doesn't exhibit any abnormal or adverse symptoms. The only thing out of the ordinary it's ever done is load IE VERY slowly (approx. 30 sec.), but I use Fire Fox anyway, so I really don't care, just always been curious as to why it loads that browser so slowly.

- Are we to the point yet of removing/cleaning/deleting/etc. the items that were quarantined in the original scan?

- If so, I have no idea how to do it - but I know you will get to that when the time comes.

- What were the 2 files (their real name) that were identified as the Trojan.Win32.Generic!.BT found in the original scan? Just curious since I don't know how to find out, and Ad-Aware doesn't specify what the actual files were or app they were associated with.

- I know the other one was the ZUGO(fs) supposedly associated with the XVID-setup-dm-9.exe file. When we get to that point, would it cause me less problems in the future if I just completely delete all of my DIVX/XVID associated apps, or do you not think this will be necessary?

Again, thanks for your help and assistance. Great job of explaining every detail and all the "walk-throughs."
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ricky at 19:31:32.85 on Mon 03/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1573 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Rickys Old Stuff\My Documents\PC Malware Cleanup\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: metaspinner GmbH: {7c7a8947-5935-4430-ac0e-e7d04697414e} - c:\progra~1\buyert~1\IEBUTT~2.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\ricky\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE:
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: amazon Search - c:\program files\buyertools reminder\Searchamazon.htm
IE: amazon Start Search - c:\program files\buyertools reminder\Searchamazon.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: eBay - Advanced Search - c:\program files\buyertools reminder\SearchEbaypower.htm
IE: eBay - Homepage - c:\program files\buyertools reminder\SearchEbay.htm
IE: eBay - My eBay - c:\program files\buyertools reminder\SearchEbaymein.htm
IE: eBay Start Search - c:\program files\buyertools reminder\SearchEbay.htm
IE: Google Search - c:\program files\buyertools reminder\SearchGoogle.htm
IE: Google Start Search - c:\program files\buyertools reminder\SearchGoogle.htm
IE: {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - c:\program files\buyertools reminder\ReminderIE.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261023547265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261023536046
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} - hxxp://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\yamaha\midradio player\MidRadio.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ricky\applic~1\mozilla\firefox\profiles\qflmtqxm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ricky\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\ricky\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: eBay-Startcenter: {6348F59F-2D20-4A5C-A0A6-553DCFB33926} - c:\program files\mozilla firefox\extensions\{6348F59F-2D20-4A5C-A0A6-553DCFB33926}
FF - Ext: eBay Kontextmenü: {DED5FCB2-18A8-4204-9D15-C1EB07D30811} - c:\program files\mozilla firefox\extensions\{DED5FCB2-18A8-4204-9D15-C1EB07D30811}
FF - Ext: Buyertools: {E843EA9A-B51C-4CAE-93B9-BBE52D0C4551} - c:\program files\mozilla firefox\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: eBay-Startcenter: {6348F59F-2D20-4A5C-A0A6-553DCFB33926} - %profile%\extensions\{6348F59F-2D20-4A5C-A0A6-553DCFB33926}
FF - Ext: eBay Contextmenu: {DED5FCB2-18A8-4204-9D15-C1EB07D30811} - %profile%\extensions\{DED5FCB2-18A8-4204-9D15-C1EB07D30811}
FF - Ext: Buyertools: {E843EA9A-B51C-4CAE-93B9-BBE52D0C4551} - %profile%\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-8 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1405384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 LogWatch;Event Log Watch;"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [?]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [?]
S3 CA_LIC_SRVR;CA License Server;"c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe" --> c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [?]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2006-5-16 15104]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2007-4-21 28704]
S3 XIRLINK;CompUSA PC Camera;c:\windows\system32\drivers\ucdnt.sys [2006-5-13 805808]
.
=============== Created Last 30 ================
.
2011-03-08 00:32:21 -------- d-----w- c:\program files\ESET
2011-03-08 00:15:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-08 00:15:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-08 00:15:33 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-18 12:03:49 -------- d-----w- c:\docume~1\ricky\locals~1\applic~1\Temp
2011-02-16 17:50:39 -------- d-----w- c:\program files\Darts
2011-02-16 01:30:28 -------- d-----w- c:\program files\Search Settings
2011-02-16 01:30:02 -------- d-----w- c:\program files\Free Video Converter
2011-02-15 07:34:45 -------- d-----w- c:\windows\XSxS
2011-02-15 06:58:33 -------- d-----w- c:\docume~1\ricky\applic~1\Gygan
2011-02-15 06:58:30 -------- d-----w- c:\program files\Xenocode
2011-02-15 06:58:30 -------- d-----w- c:\docume~1\ricky\locals~1\applic~1\Xenocode
2011-02-15 06:58:19 -------- d-----w- c:\program files\Gygan BETA
2011-02-14 04:12:47 -------- d-----w- c:\program files\Digital Photo Software
2011-02-14 02:23:29 -------- d-----w- c:\docume~1\ricky\applic~1\WellCraftedMemoryGame
2011-02-14 02:23:26 -------- d-----w- c:\program files\WellCraftedMemoryGame
.
==================== Find3M ====================
.
2011-02-08 12:55:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-02 13:31:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:38:21.34 ===============

Attached Files



#6 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 08 March 2011 - 07:29 AM

- My PC really doesn't exhibit any abnormal or adverse symptoms. The only thing out of the ordinary it's ever done is load IE VERY slowly (approx. 30 sec.), but I use Fire Fox anyway, so I really don't care, just always been curious as to why it loads that browser so slowly.

Try to run IE with addons disabled: click start->accessories->system tools-> Internet Explorer (no addons)

- Are we to the point yet of removing/cleaning/deleting/etc. the items that were quarantined in the original scan?
- If so, I have no idea how to do it - but I know you will get to that when the time comes.

Since those are quarantined there's no need to worry about them anymore :)

- What were the 2 files (their real name) that were identified as the Trojan.Win32.Generic!.BT found in the original scan? Just curious since I don't know how to find out, and Ad-Aware doesn't specify what the actual files were or app they were associated with.

Several items can be flagged as that. We probably won't be able to track file paths down if the program that detected them doesn't show paths.

- I know the other one was the ZUGO(fs) supposedly associated with the XVID-setup-dm-9.exe file. When we get to that point, would it cause me less problems in the future if I just completely delete all of my DIVX/XVID associated apps, or do you not think this will be necessary?

DivX Player downloaded from proper location is safe. However, if you don't have any use for those then you may uninstall them.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#7 Lazgunx

Lazgunx

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 08 March 2011 - 08:14 AM

Many thanks Blade!

So are we done now, or are there still other cleaning things we need to do?

Did we actually DO anything regarding those 3 items besides all the scans/temp file/etc. cleanup? Just wondering so I'll get better at this in the future.

BTW: Just another question out of curiosity: If the files/malware/goblins and gremlins/ whatever..... in question that were quarantined are now benign since being quarantined, why not just select and delete those items from the quarantine list for clean-up?

Whatever the case may be, thanks a million for all your help if we are finished, and if not, I'll be back on tomorrow to continue the fun. :)

#8 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 08 March 2011 - 02:41 PM

So are we done now, or are there still other cleaning things we need to do?

We're probably done :)

Did we actually DO anything regarding those 3 items besides all the scans/temp file/etc. cleanup?

Those three items mentioned in your topic opener? No, we didn't.

BTW: Just another question out of curiosity: If the files/malware/goblins and gremlins/ whatever..... in question that were quarantined are now benign since being quarantined, why not just select and delete those items from the quarantine list for clean-up?

If those are present there then yes, you may delete them.

Did you try IE with addons disabled?
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#9 Lazgunx

Lazgunx

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 08 March 2011 - 09:00 PM

Yes, you are the master! lol

IE will load now in about 4 seconds after disabling add-ons. (But I still hate it and prefer FF...... :)

Many thanks again for all your great help.

~LazGunX

#10 Lazgunx

Lazgunx

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 08 March 2011 - 09:25 PM

Just can't let go of this thread I guess......

ONE more question, I promise, well, maybe more if I think of any:

That TFC (Temp File Cleaner) tool you had me run is awesome.

Would you recommend I hold on to that and use it, and if so, how often?

THX!

#11 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 09 March 2011 - 07:33 AM

Hi again,

IE will load now in about 4 seconds after disabling add-ons.

So, it's likely some of those browser addons installed that causes slower startup there. You may want to start IE and then disable addons one by one until you've found out what causes slower startup. See "How can I disable a browser add-on?" here.

Would you recommend I hold on to that and use it, and if so, how often?

You may run it occasionally if you like. Once or twice a month should be enough :)
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#12 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 30 March 2011 - 01:52 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users