Second Post Malware Removal Instructions



Hi.

Extras.Txt vvvvvv

OTL Extras logfile created on: 7/7/2009 7:49:00 PM - Run 1

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\THEREALBIGYO\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.83% Memory free

3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.69% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 61.64 Gb Total Space | 16.36 Gb Free Space | 26.54% Space Free | Partition Type: NTFS

Drive D: | 11.86 Gb Total Space | 0.12 Gb Free Space | 1.01% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C

Current User Name: THEREALBIGYO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"13541:TCP" = 13541:TCP:*:Enabled:BitComet 13541 TCP

"13541:UDP" = 13541:UDP:*:Enabled:BitComet 13541 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus File not found

C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire File not found

C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client (www.BitComet.com)

C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)

C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)

C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()

C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)

C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)

C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)

C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()

C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )

C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)

C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies Demo ()

C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)

C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009

"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1

"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery

"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis

"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth

"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes

"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AIM Toolbar" = AIM Toolbar

"AIM_6" = AIM 6

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"BitComet" = BitComet 1.09

"CCleaner" = CCleaner (remove only)

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP

"D44822B3621EFD220D3A7DDA72DE5A4B6476748F" = Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)

"ERUNT_is1" = ERUNT 1.1j

"Gamevance" = Gamevance

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HP Imaging Device Functions" = HP Imaging Device Functions 6.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PeerGuardian_is1" = PeerGuardian 2.0

"PROSet" = Intel® PRO Network Connections Drivers

"Registry Mechanic_is1" = Registry Mechanic 8.0

"Softonic_English Toolbar" = Softonic_English Toolbar

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Steam App 3592" = Plants Vs Zombies Demo

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The KMPlayer" = The KMPlayer 2.9.4.1434

"vghd" = VirtuaGirl HD

"ViewpointMediaPlayer" = Viewpoint Media Player

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/30/2009 12:48:28 PM | Computer Name = YOUR-727A0A4E7C | Source = Google Update | ID = 20

Description =

Error - 5/30/2009 1:48:28 PM | Computer Name = YOUR-727A0A4E7C | Source = Google Update | ID = 20

Description =

Error - 5/30/2009 3:41:16 PM | Computer Name = YOUR-727A0A4E7C | Source = Google Update | ID = 20

Description =

Error - 5/30/2009 8:26:51 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000

Description = Faulting application steam.exe, version 1.0.0.0, faulting module steamclient.dll,

version 3.0.0.1, fault address 0x0012e093.

Error - 5/30/2009 9:46:33 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002

Description = Hanging application KMPlayer.exe, version 2.9.4.1434, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 10:26:30 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002

Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 10:26:32 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1001

Description = Fault bucket 337816799.

Error - 5/30/2009 10:53:38 PM | Computer Name = YOUR-727A0A4E7C | Source = Application Error | ID = 1000

Description = Faulting application maw.bin, version 0.0.0.0, faulting module d3d9.dll,

version 5.3.2600.5512, fault address 0x00097306.

Error - 5/31/2009 1:13:51 AM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/31/2009 1:13:54 AM | Computer Name = YOUR-727A0A4E7C | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

[ System Events ]

Error - 7/7/2009 9:54:17 PM | Computer Name = YOUR-727A0A4E7C | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/7/2009 9:56:26 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus

service to connect.

Error - 7/7/2009 9:56:26 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus service failed to start due to the following

error: %%1053

Error - 7/7/2009 9:56:42 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 7/7/2009 10:17:04 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus

service to connect.

Error - 7/7/2009 10:17:04 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus service failed to start due to the following

error: %%1053

Error - 7/7/2009 10:17:13 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 7/7/2009 10:24:42 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus

service to connect.

Error - 7/7/2009 10:24:42 PM | Computer Name = YOUR-727A0A4E7C | Source = Service Control Manager | ID = 7000

Description = The Kaspersky Anti-Virus service failed to start due to the following

error: %%1053

Error - 7/7/2009 10:24:53 PM | Computer Name = YOUR-727A0A4E7C | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

< End of report >

OTL.Txt vvvvvvvvvvvvvvv

OTL logfile created on: 7/7/2009 7:49:00 PM - Run 1

OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\THEREALBIGYO\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.83% Memory free

3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.69% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 61.64 Gb Total Space | 16.36 Gb Free Space | 26.54% Space Free | Partition Type: NTFS

Drive D: | 11.86 Gb Total Space | 0.12 Gb Free Space | 1.01% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-727A0A4E7C

Current User Name: THEREALBIGYO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()

PRC - C:\Program Files\Gamevance\gamevance32.exe ()

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)

PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)

PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (AVP [Auto | Stopped]) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (gupdate1c9b02c15e611be [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)

DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (eabfiltr [system | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (iaStor [boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (kl1 [boot | Running]) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (klbg [boot | Running]) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (KLIF [system | Running]) -- C:\WINDOWS\System32\DRIVERS\klif.sys (Kaspersky Lab)

DRV - (klim5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\klim5.sys (Kaspersky Lab)

DRV - (LachesisFltr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (nocashio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nocashio.sys ()

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)

DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (vmm [system | Running]) -- C:\WINDOWS\System32\Drivers\vmm.sys (Microsoft Corporation)

DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)

DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (pgfilter [On_Demand | Running]) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found

IE - URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found

IE - URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AIM Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.tsoxprid: "ZKfox002RWUS"

FF - prefs.js..browser.search.param.tsoxtbid: "C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS"

FF - prefs.js..browser.search.selectedEngine: "AIM Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.myspace.com "

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.06.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/cfg_redir2.jhtml?ptb=C996D0E2-B8AA-4540-BA8B-5429E0517C52-TS&id=ZKfox002RWUS&ptnrS=ZKfox002RWUS&url=http%3A//search.mywebsearch.com/mywebsearch/AJmain.jhtml&st=kwd&ind=2009032823&searchfor="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 00:45:55 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 01:56:33 | 00,000,000 | ---D | M]

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions

[2009/02/19 21:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/06 22:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}

[2009/02/28 17:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/06/21 01:56:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2009/04/15 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/03/28 23:37:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\THEREALBIGYO\Application Data\mozilla\Firefox\Profiles\jnxx19sp.default\extensions\[email protected]

[2009/06/21 01:57:02 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\aim-search.xml

[2009/02/20 15:24:03 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\ask.xml

[2009/03/28 23:37:55 | 00,002,236 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\Mozilla\FireFox\Profiles\jnxx19sp.default\searchplugins\askcom.xml

[2009/07/07 19:27:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/06/13 00:50:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/02/20 16:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2009/02/20 12:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/02/28 16:47:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/04/09 01:46:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/13 00:50:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/06/13 00:50:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/09/26 09:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll

[2009/06/13 00:50:06 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/02 01:06:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/02 01:06:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

[2009/04/22 22:44:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/04/22 22:44:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/01 19:57:48 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009/04/22 22:44:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/04/22 22:44:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/04/22 22:44:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/22 22:44:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll (Gamevance LLC)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSof0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] File not found

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)

O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe (Totem Entertainment)

O4 - Startup: C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/02 01:09:24 | 00,000,358 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2009/06/02 01:09:26 | 00,000,395 | RHS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{647c80f6-149a-11de-8c51-000fb0fd7915}\Shell\verb1\command - "" = desktop.exe

O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell - "" = Autorun

O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8410680a-00b8-11de-8c27-000fb0fd7915}\Shell\Open\command - "" = F:\RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com -- File not found

O33 - MountPoints2\C\Shell - "" = Autorun

O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\C\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com c:\

O33 - MountPoints2\D\Shell - "" = Autorun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\Open\command - "" = RECYCLER\S-5-8-70-100025372-100022015-100018940-3374.com d:\

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/07 19:48:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:35:06 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/07/07 19:34:14 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:13:50 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/07/07 19:11:47 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/07/07 19:09:42 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:55:51 | 21,455,05280 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/06 22:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\AIM Toolbar

[2009/07/04 23:41:01 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/04 22:10:53 | 39,647,808 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 21:58:10 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2009/07/04 21:58:10 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2009/07/04 21:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2009/07/04 21:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2009/07/04 21:57:15 | 00,227,344 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2009/07/04 21:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2009/07/03 21:59:20 | 08,114,720 | ---- | C] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

[2009/07/01 20:07:58 | 01,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\THEREALBIGYO\Desktop\install_flash_player.exe

[2009/07/01 01:02:34 | 04,310,720 | -H-- | C] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\IconCache.db

[2009/06/30 23:58:04 | 00,000,000 | ---D | C] -- C:\Program Files\Gamevance

[2009/06/30 20:17:31 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/06/30 20:17:31 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/06/22 00:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\THEREALBIGYO\Desktop\New Folder

[2009/06/21 01:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility

[2009/06/21 01:56:28 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar

[2009/06/21 01:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar

[2009/06/21 01:55:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads

[2009/06/18 22:20:57 | 24,449,920 | ---- | C] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup(2).exe

[2009/06/16 01:05:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc(2).exe

[2009/06/16 01:05:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc.exe

[2009/06/15 01:14:35 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/06/15 01:10:51 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/06/15 01:07:07 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/06/15 01:05:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2009/06/15 01:05:34 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/06/15 01:05:29 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/06/15 01:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/06/15 01:01:07 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe

[2009/06/15 01:01:05 | 04,209,954 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe.part

[2009/06/15 00:58:46 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Ad-AwareAE.exe

[2009/06/15 00:37:55 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk

[2009/06/15 00:37:54 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL

[2009/06/15 00:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2009/06/15 00:32:48 | 24,449,664 | ---- | C] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup.exe

[2009/06/08 20:56:43 | 00,154,224 | ---- | C] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\spyware doctor..JPG

[2009/06/08 13:03:45 | 03,247,736 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\THEREALBIGYO\Desktop\ccsetup220.exe

[2009/04/02 01:06:17 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/03/26 23:07:05 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys

[2006/02/22 02:55:17 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/02/22 02:53:30 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/02/22 02:36:47 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/02/22 02:18:41 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/02/22 01:51:45 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/02/22 01:51:45 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/02/22 01:51:45 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/02/22 01:51:44 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/02/22 01:51:43 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/12/02 03:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/17 10:39:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/08/17 10:21:06 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/08/17 09:59:14 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini

[2005/08/17 02:45:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2005/08/05 22:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 01,403,212 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\scan.pdf

[2049/12/31 16:00:00 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\HSZ Customer Consent Form.doc

[2009/07/07 19:48:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\OTL.exe

[2009/07/07 19:34:14 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Rooter.exe

[2009/07/07 19:25:18 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/07 19:24:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/07/07 19:24:20 | 00,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin

[2009/07/07 19:24:08 | 00,001,083 | -HS- | M] () -- C:\hpqp.ini

[2009/07/07 19:24:08 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini

[2009/07/07 19:24:07 | 00,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/07/07 19:24:06 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/07/07 19:24:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/07/07 19:24:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/07/07 19:23:59 | 21,455,05280 | -HS- | M] () -- C:\hiberfil.sys

[2009/07/07 19:13:50 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THEREALBIGYO\Desktop\TFC.exe

[2009/07/07 19:11:47 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/07/07 19:11:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\NTREGOPT.lnk

[2009/07/07 19:11:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\ERUNT.lnk

[2009/07/07 19:09:44 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\The_Comedian.exe

[2009/07/07 19:04:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\registryboosterplc.exe

[2009/07/07 18:54:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/07/07 18:54:01 | 00,000,209 | RHS- | M] () -- C:\boot.ini

[2009/07/07 18:45:22 | 04,310,720 | -H-- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\IconCache.db

[2009/07/07 03:22:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/07/06 22:24:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/07/06 21:44:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/05 00:45:33 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\Sociology Test 1 Study Guide.wps

[2009/07/05 00:45:33 | 00,009,446 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Application Data\wklnhst.dat

[2009/07/04 23:06:45 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/07/04 22:15:02 | 39,647,808 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\THEREALBIGYO\Desktop\kav8.0.0.506en.exe

[2009/07/04 21:58:10 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2009/07/04 21:58:10 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2009/07/04 21:57:15 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2009/07/04 19:35:54 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2009/07/03 23:15:56 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/03 22:01:48 | 08,114,720 | ---- | M] (Mozilla) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Firefox Setup 3.5.exe

[2009/07/03 21:32:46 | 00,014,496 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\05-30-09_1429.jpg

[2009/07/01 20:08:55 | 01,878,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\THEREALBIGYO\Desktop\install_flash_player.exe

[2009/06/23 21:19:19 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2009/06/21 01:56:45 | 00,000,739 | -H-- | M] () -- C:\IPH.PH

[2009/06/21 01:56:25 | 00,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk

[2009/06/18 22:25:59 | 24,449,920 | ---- | M] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup(2).exe

[2009/06/16 01:05:57 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc(2).exe

[2009/06/16 01:05:30 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\speedupmypc3plc.exe

[2009/06/15 01:17:38 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/06/15 01:05:34 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2009/06/15 01:04:13 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\Ad-AwareAE.exe

[2009/06/15 01:02:19 | 04,209,954 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe.part

[2009/06/15 01:01:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\zapSetup_80_400_020_en.exe

[2009/06/15 00:37:55 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk

[2009/06/15 00:37:06 | 24,449,664 | ---- | M] (PC Tools ) -- C:\Documents and Settings\THEREALBIGYO\Desktop\sdsetup.exe

[2009/06/08 20:56:43 | 00,154,224 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\spyware doctor..JPG

[2009/06/08 13:07:15 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\THEREALBIGYO\Desktop\CCleaner.lnk

[2009/06/08 13:04:09 | 03,247,736 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\THEREALBIGYO\Desktop\ccsetup220.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52

< End of report >

This topic is now closed to further replies.