
[Inactive] EasyScan virus

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by CameronTs, Jan 1, 2011.

Thread Status:
Not open for further replies.
  1. CameronTs

    CameronTs Techie7 New Member

    I recently got this EasyScan virus.
    And most of the time I'd just reboot my computer in Safe Mode, open up MBAM and simply fix this problem.
    But when I tried to reboot it went straight to BSOD.
    I tried opening it up in safe mode... BSOD
    Recent working setting.. BSOD

    Nothing seems to be working and I can't fix it, help please :/
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    =========================================================================================

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)


    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  3. CameronTs

    CameronTs Techie7 New Member

    Yes, I need some time, I'm still trying to get a blank disc. I'll update you.
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    No problem :)
    Thanks for the update :)
     
  5. CameronTs

    CameronTs Techie7 New Member

    OTL. LOG
    OTL logfile created on: 1/3/2011 4:28:04 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.44 Gb Total Space | 8.92 Gb Free Space | 11.99% Space Free | Partition Type: NTFS
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/28 13:29:53 | 001,175,556 | ---- | M] (NCH Software) [Auto] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/08 11:08:46 | 003,494,124 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/10/22 07:48:58 | 001,862,144 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/04/04 15:42:20 | 000,057,344 | ---- | M] (Avid Technology, Inc.) [Auto] -- C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe -- (FastTrackInstallerService)
    SRV - [2006/03/01 12:44:38 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
    SRV - [2005/12/02 10:20:46 | 000,049,152 | ---- | M] (M-Audio) [Auto] -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe -- (MAudioUSBService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Unavailable] -- -- (sstE45)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MA763010.sys -- (MA763010)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\l6dp.sys -- (L6DP)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\GPWADrv.sys -- (GPWADrv) Service for L6 GuitarPort Driver (WDM)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/02/08 12:27:39 | 000,031,104 | ---- | M] (Nemesis) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MA763003.sys -- (ma763003)
    DRV - [2009/02/08 12:27:39 | 000,022,336 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbnp4x4.sys -- (USBNP4X4)
    DRV - [2009/02/08 12:27:39 | 000,013,056 | ---- | M] (Nemesis) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MADFU003.sys -- (MADFU003)
    DRV - [2008/11/28 17:13:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008/10/01 11:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2007/03/05 15:13:32 | 005,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/12/08 23:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
    DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/16 11:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2006/05/25 12:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/19 08:41:08 | 000,143,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/12/13 11:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
    DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/04 05:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2003/11/26 10:14:20 | 000,280,192 | R--- | M] (Midiman/M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/04/09 03:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\NSynas32.sys -- (Nsynas32)
    DRV - [2000/01/08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = Dell Start Page
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Start Page
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = Dell
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Start Page
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
    IE - HKU\eric_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    IE - HKU\eric_ON_C\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
    IE - HKU\eric_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643




    FF - HKLM\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2010/05/30 21:41:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~1\Crawler\Toolbar\firefox\ [2010/07/18 18:23:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/18 01:03:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 15:28:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2010/07/17 13:42:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2010/07/24 14:33:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/12/10 13:41:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/12/10 13:41:36 | 000,000,000 | ---D | M]

    [2010/11/17 15:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

    O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (SporTV Toolbar) - {A298ED31-D405-40E2-880F-B7511948E582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4 - HKLM..\Run: [BroadCam] C:\Program Files\NCH Software\BroadCam\broadcam.exe (NCH Software)
    O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe (Kmaestro)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [JAMktV3] C:\Program Files\JAM KT v3\JAMktv3.exe File not found
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    O4 - HKU\eric_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\eric_ON_C..\Run: [MBXhgpUmtvtD.exe] C:\Documents and Settings\All Users\Application Data\MBXhgpUmtvtD.exe (msql software)
    O4 - HKU\eric_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\eric_ON_C..\Run: [qTkEmDZEjq] C:\Documents and Settings\All Users\Application Data\qTkEmDZEjq.exe (mdisk Corp)
    O4 - HKU\eric_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\eric_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKU\eric_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK = File not found
    O4 - Startup: C:\Documents and Settings\eric\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\eric_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab (MabinogiWebAvatarRenderer Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/12/04 17:09:07 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/05/27 14:54:12 | 000,002,360 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/01 15:19:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sstE45.sys
    [2010/12/23 15:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\font
    [2010/12/23 13:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_37
    [2010/12/23 13:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_31
    [2010/12/23 12:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_33
    [2010/12/22 02:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\Vindictus
    [2010/12/21 01:03:07 | 004,502,408 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\eric\My Documents\avg_isct_stb_all_2011_1170_free.exe
    [2010/12/19 13:24:15 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Documents and Settings\eric\Desktop\gimp-2.6.11-i686-setup-1.exe
    [2010/08/17 00:32:11 | 000,533,408 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.UI.dll
    [2010/08/17 00:32:08 | 000,266,240 | ---- | C] (MySQL AB) -- C:\Documents and Settings\eric\MySql.Data.dll
    [2010/08/17 00:32:04 | 001,270,688 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.Grid.dll
    [2010/08/17 00:31:56 | 000,516,096 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.Editors.dll
    [87 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/01 15:22:05 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Easy Scan.lnk
    [2011/01/01 15:19:31 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sstE45.sys
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/01/01 14:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 14:39:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-594646345-1494692193-2182967409-1005UA.job
    [2010/12/31 23:05:02 | 004,947,414 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Never Seen Your Face Melvin Williams.mp3
    [2010/12/31 23:02:17 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2010/12/31 20:39:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-594646345-1494692193-2182967409-1005Core.job
    [2010/12/31 10:53:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/30 16:50:25 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/29 15:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/26 13:58:33 | 000,573,951 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\1219102154.jpg
    [2010/12/25 20:20:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/24 22:29:51 | 000,000,056 | ---- | M] () -- C:\WINDOWS\kgt2k.INI
    [2010/12/24 16:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/24 16:18:37 | 2145,017,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/23 15:50:31 | 000,205,833 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\font.zip
    [2010/12/23 12:52:21 | 001,116,326 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_31.zip
    [2010/12/23 12:46:22 | 001,716,794 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_37.zip
    [2010/12/23 12:25:14 | 001,596,799 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_33.zip
    [2010/12/22 03:16:09 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\eric\jagex_runescape_preferences2.dat
    [2010/12/22 03:16:08 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\eric\jagex_runescape_preferences.dat
    [2010/12/21 01:09:46 | 004,502,408 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\eric\My Documents\avg_isct_stb_all_2011_1170_free.exe
    [2010/12/19 19:53:42 | 000,001,430 | ---- | M] () -- C:\WINDOWS\_isenv31.ini
    [2010/12/19 19:53:42 | 000,000,521 | ---- | M] () -- C:\WINDOWS\_iserr31.ini
    [2010/12/19 19:53:42 | 000,000,256 | ---- | M] () -- C:\WINDOWS\_delis32.ini
    [2010/12/19 13:29:22 | 000,004,448 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\panthericon.png
    [2010/12/19 13:29:22 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\eric\.recently-used.xbel
    [2010/12/19 13:26:57 | 000,003,896 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\blackpantherj.png
    [2010/12/19 13:24:28 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\Documents and Settings\eric\Desktop\gimp-2.6.11-i686-setup-1.exe
    [2010/12/12 07:45:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\pixillionShakeIcon.job
    [2010/12/12 07:45:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2010/12/12 07:45:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/12/08 09:03:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/04 17:09:07 | 000,000,053 | RHS- | M] () -- C:\autorun.inf
    [87 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/01 15:22:05 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\Easy Scan.lnk
    [2010/12/31 23:04:51 | 004,947,414 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\Never Seen Your Face Melvin Williams.mp3
    [2010/12/31 23:02:16 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2010/12/26 13:58:33 | 000,573,951 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\1219102154.jpg
    [2010/12/24 00:12:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
    [2010/12/23 15:48:57 | 000,205,833 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\font.zip
    [2010/12/23 12:52:15 | 001,116,326 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_31.zip
    [2010/12/23 12:46:21 | 001,716,794 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_37.zip
    [2010/12/23 12:25:12 | 001,596,799 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_33.zip
    [2010/12/19 19:53:42 | 000,001,430 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
    [2010/12/19 19:53:42 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
    [2010/12/19 19:53:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2010/12/19 18:57:58 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\T-RackS 24.lnk
    [2010/12/19 13:29:22 | 000,004,448 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\panthericon.png
    [2010/12/19 13:29:22 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\eric\.recently-used.xbel
    [2010/12/19 13:26:56 | 000,003,896 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\blackpantherj.png
    [2010/12/06 07:45:32 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\pixillionShakeIcon.job
    [2010/12/06 07:45:20 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/12/06 07:45:18 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2010/11/23 02:49:17 | 000,065,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/11/17 15:23:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/24 09:50:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\d392.sys
    [2010/06/19 23:16:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eric\jagex__preferences3.dat
    [2009/12/29 21:35:56 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/12/29 21:35:56 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/29 21:35:56 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
    [2009/12/29 21:35:56 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/12/29 21:35:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/12/29 21:35:56 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/12/29 21:35:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/12/29 21:35:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/12/29 21:35:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/12/29 21:35:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2009/12/29 21:35:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/12/29 21:35:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/12/29 21:35:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/12/29 21:35:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
    [2009/12/29 21:35:56 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/12/29 21:35:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/12/29 21:35:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/12/29 21:35:56 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/12/29 21:35:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/09/29 11:01:30 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\eric\jagex_runescape_preferences2.dat
    [2009/09/29 11:00:26 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\eric\jagex_runescape_preferences.dat
    [2009/08/10 05:39:16 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
    [2009/01/06 08:41:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2008/11/28 17:24:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
    [2008/06/29 11:08:38 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/15 23:02:06 | 000,000,216 | ---- | C] () -- C:\WINDOWS\DIGIP12.INI
    [2008/06/08 06:49:27 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\eric\SysInfo.txt
    [2008/06/06 19:41:38 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2007/10/22 07:50:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/10/22 07:48:05 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2007/10/22 07:48:05 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/10/22 07:29:33 | 000,001,123 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 17:00:36 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
    [2004/08/11 17:00:30 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/04 23:42:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

    ========== LOP Check ==========

    [2008/06/27 01:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DSound
    [2008/06/27 06:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
    [2011/01/01 04:23:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\eric\Application Data\.#
    [2010/11/25 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\.doomseeker
    [2010/05/28 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Ableton
    [2010/06/10 22:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\acccore
    [2010/08/20 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Antares
    [2010/11/06 09:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Blender Foundation
    [2009/01/11 02:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Cakewalk
    [2010/11/24 13:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\CocoonSoftware
    [2008/11/28 17:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\DAEMON Tools
    [2009/01/31 20:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\DSound
    [2010/12/19 13:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\gtk-2.0
    [2010/05/30 21:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Inbox Toolbar
    [2010/08/06 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Jasc
    [2010/12/30 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\LimeWire
    [2010/08/17 00:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\LPECommon
    [2010/10/02 15:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Meltdown
    [2010/07/29 22:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\netmarble
    [2010/08/13 11:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Nexon
    [2010/07/29 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Opera
    [2010/08/21 10:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PACE Anti-Piracy
    [2010/08/29 21:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PalaceChat 3
    [2010/08/10 16:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PriceGong
    [2010/11/16 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Publish Providers
    [2010/06/13 00:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\SiteRanker
    [2010/11/16 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Sony
    [2008/06/07 07:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Steinberg
    [2010/12/01 23:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Teeworlds
    [2009/09/26 20:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Tibia
    [2010/07/25 08:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Unity
    [2011/01/01 15:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\uTorrent
    [2010/12/12 07:45:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
    [2010/12/12 07:45:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
    [2010/12/31 23:02:17 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2010/12/12 07:45:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/08/11 23:10:39 | 000,000,000 | ---D | M](C:\Documents and Settings\eric\My Documents\?? ???) -- C:\Documents and Settings\eric\My Documents\넥슨 플러그
    [2010/08/11 23:10:39 | 000,000,000 | ---D | C](C:\Documents and Settings\eric\My Documents\?? ???) -- C:\Documents and Settings\eric\My Documents\넥슨 플러그

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1088 bytes -> C:\Program Files\Common Files\Microsoft Shared:g5eqUJyNNE2L8EmILr6ONJ0mc
    < End of report >
     
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | Unavailable] -- -- (sstE45)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (Changer)
    IE - HKU\eric_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [JAMktV3] C:\Program Files\JAMKT v3\JAMktv3.exe File not found
    O4 - HKU\eric_ON_C..\Run: [MBXhgpUmtvtD.exe] C:\Documents and Settings\All Users\Application Data\MBXhgpUmtvtD.exe (msql software)
    O4 - HKU\eric_ON_C..\Run: [qTkEmDZEjq] C:\Documents and Settings\All Users\Application Data\qTkEmDZEjq.exe (mdisk Corp)
    O4 - HKU\eric_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/01/01 15:19:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sstE45.sys
    [87 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/01/01 15:22:05 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Easy Scan.lnk
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/12/24 00:12:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
    [2010/12/19 19:53:42 | 000,001,430 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
    [2010/12/19 19:53:42 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
    [2010/12/19 19:53:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2010/07/24 09:50:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\d392.sys
    [2011/01/01 04:23:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\eric\Application Data\.#
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    @Alternate Data Stream - 1088 bytes -> C:\Program Files\Common Files\Microsoft Shared:g5eqUJyNNE2L8EmILr6ONJ0mc
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Ask.com
    
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer, do the following...

    Run OTLPE


    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.

      • (The content of Fix.txt should appear in the box)

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
     
  7. CameronTs

    CameronTs Techie7 New Member

    The Log

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sstE45 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EagleNT deleted successfully.
    File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Changer deleted successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVe rsion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\JAMktV3 deleted successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MBXhgpUmtvtD.exe deleted successfully.
    C:\Documents and Settings\All Users\Application Data\MBXhgpUmtvtD.exe moved successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\qTkEmDZEjq deleted successfully.
    C:\Documents and Settings\All Users\Application Data\qTkEmDZEjq.exe moved successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\eric_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\system32\drivers\sstE45.sys moved successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET108.tmp deleted successfully.
    C:\WINDOWS\System32\SET192.tmp deleted successfully.
    C:\WINDOWS\System32\SET196.tmp deleted successfully.
    C:\WINDOWS\System32\SET19A.tmp deleted successfully.
    C:\WINDOWS\System32\SET19E.tmp deleted successfully.
    C:\WINDOWS\System32\SET19F.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A0.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A5.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A9.tmp deleted successfully.
    C:\WINDOWS\System32\SET1AD.tmp deleted successfully.
    C:\WINDOWS\System32\SET1B.tmp deleted successfully.
    C:\WINDOWS\System32\SET21.tmp deleted successfully.
    C:\WINDOWS\System32\SET243.tmp deleted successfully.
    C:\WINDOWS\System32\SET247.tmp deleted successfully.
    C:\WINDOWS\System32\SET24B.tmp deleted successfully.
    C:\WINDOWS\System32\SET24F.tmp deleted successfully.
    C:\WINDOWS\System32\SET250.tmp deleted successfully.
    C:\WINDOWS\System32\SET251.tmp deleted successfully.
    C:\WINDOWS\System32\SET256.tmp deleted successfully.
    C:\WINDOWS\System32\SET25B.tmp deleted successfully.
    C:\WINDOWS\System32\SET281.tmp deleted successfully.
    C:\WINDOWS\System32\SET2A.tmp deleted successfully.
    C:\WINDOWS\System32\SET2B.tmp deleted successfully.
    C:\WINDOWS\System32\SET2C.tmp deleted successfully.
    C:\WINDOWS\System32\SET2D.tmp deleted successfully.
    C:\WINDOWS\System32\SET2EB.tmp deleted successfully.
    C:\WINDOWS\System32\SET2EF.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F3.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F7.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F8.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F9.tmp deleted successfully.
    C:\WINDOWS\System32\SET2FE.tmp deleted successfully.
    C:\WINDOWS\System32\SET302.tmp deleted successfully.
    C:\WINDOWS\System32\SET306.tmp deleted successfully.
    C:\WINDOWS\System32\SET37B.tmp deleted successfully.
    C:\WINDOWS\System32\SET37F.tmp deleted successfully.
    C:\WINDOWS\System32\SET383.tmp deleted successfully.
    C:\WINDOWS\System32\SET387.tmp deleted successfully.
    C:\WINDOWS\System32\SET388.tmp deleted successfully.
    C:\WINDOWS\System32\SET389.tmp deleted successfully.
    C:\WINDOWS\System32\SET38E.tmp deleted successfully.
    C:\WINDOWS\System32\SET392.tmp deleted successfully.
    C:\WINDOWS\System32\SET396.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DD.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DE.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DF.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E0.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E2.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FD.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FF.tmp deleted successfully.
    C:\WINDOWS\System32\SET400.tmp deleted successfully.
    C:\WINDOWS\System32\SET401.tmp deleted successfully.
    C:\WINDOWS\System32\SET402.tmp deleted successfully.
    C:\WINDOWS\System32\SET403.tmp deleted successfully.
    C:\WINDOWS\System32\SET404.tmp deleted successfully.
    C:\WINDOWS\System32\SET405.tmp deleted successfully.
    C:\WINDOWS\System32\SET406.tmp deleted successfully.
    C:\WINDOWS\System32\SET407.tmp deleted successfully.
    C:\WINDOWS\System32\SET408.tmp deleted successfully.
    C:\WINDOWS\System32\SET409.tmp deleted successfully.
    C:\WINDOWS\System32\SET40A.tmp deleted successfully.
    C:\WINDOWS\System32\SET40B.tmp deleted successfully.
    C:\WINDOWS\System32\SET40C.tmp deleted successfully.
    C:\WINDOWS\System32\SET40D.tmp deleted successfully.
    C:\WINDOWS\System32\SET43B.tmp deleted successfully.
    C:\WINDOWS\System32\SET45E.tmp deleted successfully.
    C:\WINDOWS\System32\SET466.tmp deleted successfully.
    C:\WINDOWS\System32\SET467.tmp deleted successfully.
    C:\WINDOWS\System32\SET468.tmp deleted successfully.
    C:\WINDOWS\System32\SET46D.tmp deleted successfully.
    C:\WINDOWS\System32\SET475.tmp deleted successfully.
    C:\WINDOWS\System32\SET4E.tmp deleted successfully.
    C:\WINDOWS\System32\SET54.tmp deleted successfully.
    C:\WINDOWS\System32\SET5C.tmp deleted successfully.
    C:\WINDOWS\System32\SET703.tmp deleted successfully.
    C:\WINDOWS\System32\SET7C.tmp deleted successfully.
    C:\WINDOWS\System32\SET88.tmp deleted successfully.
    C:\WINDOWS\System32\SET8F.tmp deleted successfully.
    C:\WINDOWS\System32\SET9.tmp deleted successfully.
    C:\WINDOWS\System32\SET90.tmp deleted successfully.
    C:\WINDOWS\System32\SET92.tmp deleted successfully.
    C:\WINDOWS\System32\SET93.tmp deleted successfully.
    C:\WINDOWS\System32\SET98.tmp deleted successfully.
    C:\WINDOWS\System32\SETA0.tmp deleted successfully.
    C:\WINDOWS\System32\SETA2.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET1A1.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET252.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET2FA.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET30.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET38A.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET469.tmp deleted successfully.
    C:\WINDOWS\System32\drivers\SET40E.tmp deleted successfully.
    C:\WINDOWS\System32\drivers\sstE45.tmp deleted successfully.
    C:\WINDOWS\~GLC0000.TMP deleted successfully.
    C:\WINDOWS\~GLH0000.TMP deleted successfully.
    C:\Documents and Settings\eric\Desktop\Easy Scan.lnk moved successfully.
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
    C:\WINDOWS\kgt2k.INI moved successfully.
    C:\WINDOWS\_isenv31.ini moved successfully.
    C:\WINDOWS\_iserr31.ini moved successfully.
    C:\WINDOWS\_delis32.ini moved successfully.
    C:\WINDOWS\d392.sys moved successfully.
    C:\Documents and Settings\eric\Application Data\.# folder moved successfully.
    File C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.
    ADS C:\Program Files\Common Files\Microsoft Shared:g5eqUJyNNE2L8EmILr6ONJ0mc deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========
    Error: Unable to interpret <[emptytemp]Open Notepad and paste it.> in the current context!
    Error: Unable to interpret <Save the document as Fix.txt on to a USB flash drive> in the current context!

    OTLPE by OldTimer - Version 3.1.43.0 log created on 01032011_175620
     
  8. CameronTs

    CameronTs Techie7 New Member

    And booting it into normal Windows didn't work.
     
  9. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Tried safe mode?

    If so, reboot to OTLPE again, run another scan and post a new log.
     
  10. CameronTs

    CameronTs Techie7 New Member

    Tried safe mode and I'm running a scan at the moment now.
     
  11. CameronTs

    CameronTs Techie7 New Member

    OTL logfile created on: 1/3/2011 6:13:41 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.44 Gb Total Space | 8.99 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 119.30 Gb Free Space | 80.06% Space Free | Partition Type: FAT32
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/28 13:29:53 | 001,175,556 | ---- | M] (NCH Software) [Auto] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/08 11:08:46 | 003,494,124 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/10/22 07:48:58 | 001,862,144 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/04/04 15:42:20 | 000,057,344 | ---- | M] (Avid Technology, Inc.) [Auto] -- C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe -- (FastTrackInstallerService)
    SRV - [2006/03/01 12:44:38 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
    SRV - [2005/12/02 10:20:46 | 000,049,152 | ---- | M] (M-Audio) [Auto] -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe -- (MAudioUSBService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MA763010.sys -- (MA763010)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\l6dp.sys -- (L6DP)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\GPWADrv.sys -- (GPWADrv) Service for L6 GuitarPort Driver (WDM)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/01/06 17:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/02/08 12:27:39 | 000,031,104 | ---- | M] (Nemesis) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MA763003.sys -- (ma763003)
    DRV - [2009/02/08 12:27:39 | 000,022,336 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbnp4x4.sys -- (USBNP4X4)
    DRV - [2009/02/08 12:27:39 | 000,013,056 | ---- | M] (Nemesis) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MADFU003.sys -- (MADFU003)
    DRV - [2008/11/28 17:13:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008/10/01 11:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2007/03/05 15:13:32 | 005,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/12/08 23:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
    DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/16 11:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2006/05/25 12:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/19 08:41:08 | 000,143,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/12/13 11:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
    DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/04 05:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2003/11/26 10:14:20 | 000,280,192 | R--- | M] (Midiman/M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/04/09 03:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\NSynas32.sys -- (Nsynas32)
    DRV - [2000/01/08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = Dell Start Page
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Start Page
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = Dell
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Start Page
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
    IE - HKU\eric_ON_C\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
    IE - HKU\eric_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643




    FF - HKLM\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2010/05/30 21:41:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~1\Crawler\Toolbar\firefox\ [2010/07/18 18:23:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/18 01:03:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 15:28:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2010/07/17 13:42:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2010/07/24 14:33:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/12/10 13:41:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/12/10 13:41:36 | 000,000,000 | ---D | M]

    [2010/11/17 15:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

    O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (SporTV Toolbar) - {A298ED31-D405-40E2-880F-B7511948E582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4 - HKLM..\Run: [BroadCam] C:\Program Files\NCH Software\BroadCam\broadcam.exe (NCH Software)
    O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe (Kmaestro)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    O4 - HKU\eric_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\eric_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\eric_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\eric_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
    O4 - Startup: C:\Documents and Settings\eric\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\eric_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab (MabinogiWebAvatarRenderer Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/12/04 17:09:07 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/05/27 14:54:12 | 000,002,360 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
    O32 - AutoRun File - [2010/11/30 18:19:22 | 000,000,053 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/03 17:56:20 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/23 15:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\font
    [2010/12/23 13:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_37
    [2010/12/23 13:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_31
    [2010/12/23 12:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_33
    [2010/12/22 02:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\Vindictus
    [2010/12/21 01:03:07 | 004,502,408 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\eric\My Documents\avg_isct_stb_all_2011_1170_free.exe
    [2010/12/19 13:24:15 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Documents and Settings\eric\Desktop\gimp-2.6.11-i686-setup-1.exe
    [2010/08/17 00:32:11 | 000,533,408 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.UI.dll
    [2010/08/17 00:32:08 | 000,266,240 | ---- | C] (MySQL AB) -- C:\Documents and Settings\eric\MySql.Data.dll
    [2010/08/17 00:32:04 | 001,270,688 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.Grid.dll
    [2010/08/17 00:31:56 | 000,516,096 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.Editors.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/01 14:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 14:39:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-594646345-1494692193-2182967409-1005UA.job
    [2010/12/31 23:05:02 | 004,947,414 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Never Seen Your Face Melvin Williams.mp3
    [2010/12/31 23:02:17 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2010/12/31 20:39:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-594646345-1494692193-2182967409-1005Core.job
    [2010/12/31 10:53:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/30 16:50:25 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/29 15:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/26 13:58:33 | 000,573,951 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\1219102154.jpg
    [2010/12/25 20:20:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/24 16:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/24 16:18:37 | 2145,017,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/23 15:50:31 | 000,205,833 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\font.zip
    [2010/12/23 12:52:21 | 001,116,326 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_31.zip
    [2010/12/23 12:46:22 | 001,716,794 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_37.zip
    [2010/12/23 12:25:14 | 001,596,799 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_33.zip
    [2010/12/22 03:16:09 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\eric\jagex_runescape_preferences2.dat
    [2010/12/22 03:16:08 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\eric\jagex_runescape_preferences.dat
    [2010/12/21 01:09:46 | 004,502,408 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\eric\My Documents\avg_isct_stb_all_2011_1170_free.exe
    [2010/12/19 13:29:22 | 000,004,448 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\panthericon.png
    [2010/12/19 13:29:22 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\eric\.recently-used.xbel
    [2010/12/19 13:26:57 | 000,003,896 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\blackpantherj.png
    [2010/12/19 13:24:28 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\Documents and Settings\eric\Desktop\gimp-2.6.11-i686-setup-1.exe
    [2010/12/12 07:45:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\pixillionShakeIcon.job
    [2010/12/12 07:45:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2010/12/12 07:45:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/12/08 09:03:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    ========== Files Created - No Company Name ==========

    [2010/12/31 23:04:51 | 004,947,414 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\Never Seen Your Face Melvin Williams.mp3
    [2010/12/31 23:02:16 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2010/12/26 13:58:33 | 000,573,951 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\1219102154.jpg
    [2010/12/23 15:48:57 | 000,205,833 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\font.zip
    [2010/12/23 12:52:15 | 001,116,326 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_31.zip
    [2010/12/23 12:46:21 | 001,716,794 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_37.zip
    [2010/12/23 12:25:12 | 001,596,799 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_33.zip
    [2010/12/19 18:57:58 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\T-RackS 24.lnk
    [2010/12/19 13:29:22 | 000,004,448 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\panthericon.png
    [2010/12/19 13:29:22 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\eric\.recently-used.xbel
    [2010/12/19 13:26:56 | 000,003,896 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\blackpantherj.png
    [2010/12/06 07:45:32 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\pixillionShakeIcon.job
    [2010/12/06 07:45:20 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/12/06 07:45:18 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2010/11/23 02:49:17 | 000,065,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/11/17 15:23:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/06/19 23:16:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eric\jagex__preferences3.dat
    [2009/12/29 21:35:56 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/12/29 21:35:56 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/29 21:35:56 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
    [2009/12/29 21:35:56 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/12/29 21:35:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/12/29 21:35:56 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/12/29 21:35:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/12/29 21:35:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/12/29 21:35:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/12/29 21:35:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2009/12/29 21:35:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/12/29 21:35:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/12/29 21:35:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/12/29 21:35:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
    [2009/12/29 21:35:56 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/12/29 21:35:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/12/29 21:35:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/12/29 21:35:56 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/12/29 21:35:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/09/29 11:01:30 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\eric\jagex_runescape_preferences2.dat
    [2009/09/29 11:00:26 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\eric\jagex_runescape_preferences.dat
    [2009/08/10 05:39:16 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
    [2009/01/06 08:41:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2008/11/28 17:24:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
    [2008/06/29 11:08:38 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/15 23:02:06 | 000,000,216 | ---- | C] () -- C:\WINDOWS\DIGIP12.INI
    [2008/06/08 06:49:27 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\eric\SysInfo.txt
    [2008/06/06 19:41:38 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2007/10/22 07:50:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/10/22 07:48:05 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2007/10/22 07:48:05 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/10/22 07:29:33 | 000,001,123 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 17:00:36 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
    [2004/08/11 17:00:30 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/04 23:42:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

    ========== LOP Check ==========

    [2008/06/27 01:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DSound
    [2008/06/27 06:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
    [2010/11/25 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\.doomseeker
    [2010/05/28 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Ableton
    [2010/06/10 22:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\acccore
    [2010/08/20 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Antares
    [2010/11/06 09:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Blender Foundation
    [2009/01/11 02:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Cakewalk
    [2010/11/24 13:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\CocoonSoftware
    [2008/11/28 17:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\DAEMON Tools
    [2009/01/31 20:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\DSound
    [2010/12/19 13:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\gtk-2.0
    [2010/05/30 21:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Inbox Toolbar
    [2010/08/06 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Jasc
    [2010/12/30 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\LimeWire
    [2010/08/17 00:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\LPECommon
    [2010/10/02 15:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Meltdown
    [2010/07/29 22:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\netmarble
    [2010/08/13 11:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Nexon
    [2010/07/29 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Opera
    [2010/08/21 10:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PACE Anti-Piracy
    [2010/08/29 21:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PalaceChat 3
    [2010/08/10 16:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PriceGong
    [2010/11/16 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Publish Providers
    [2010/06/13 00:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\SiteRanker
    [2010/11/16 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Sony
    [2008/06/07 07:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Steinberg
    [2010/12/01 23:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Teeworlds
    [2009/09/26 20:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Tibia
    [2010/07/25 08:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Unity
    [2011/01/01 15:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\uTorrent
    [2010/12/12 07:45:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
    [2010/12/12 07:45:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
    [2010/12/31 23:02:17 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
    [2010/12/12 07:45:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/08/11 23:10:39 | 000,000,000 | ---D | M](C:\Documents and Settings\eric\My Documents\?? ???) -- C:\Documents and Settings\eric\My Documents\넥슨 플러그
    [2010/08/11 23:10:39 | 000,000,000 | ---D | C](C:\Documents and Settings\eric\My Documents\?? ???) -- C:\Documents and Settings\eric\My Documents\넥슨 플러그
    < End of report >
     
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Now, wait a sec... did you say your computer booted to safe mode?
     
  13. CameronTs

    CameronTs Techie7 New Member

    Nope.
    I tried doing safe mode but it just goes to BSOD
    Tried it after all of that and still getting BSOD
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I don't see anything malicious in your log anymore.

    What does the BSOD say?
     
  15. CameronTs

    CameronTs Techie7 New Member

    Page_fault_in_nonpaged_area
     
  16. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)


    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.


    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.


    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.

    See if it'll boot now.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
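
Added example, not part of the thread and not code from NTBR or MBRWORK: the Python below parses a saved copy of disk sector 0 and compares a before/after pair, showing that a boot-code rewrite can leave the partition table untouched while still replacing vendor boot code such as the Dell restore hook mentioned in the post above. The sample sectors, partition sizes and fill bytes are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446   # bytes 0..445: boot code area (440..443 hold the Windows disk signature)
TABLE_END = 510       # bytes 446..509: four 16-byte partition entries
PART_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0xDE: "Dell Utility"}


def parse_mbr(sector: bytes) -> list:
    """Validate a 512-byte MBR image and return its non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:          # type 0x00 marks an unused slot
            continue
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two saved sector images."""
    parse_mbr(before)           # both images must be structurally valid
    parse_mbr(after)
    return {
        "boot_code_changed": before[:BOOT_CODE_END] != after[:BOOT_CODE_END],
        "partition_table_changed":
            before[BOOT_CODE_END:TABLE_END] != after[BOOT_CODE_END:TABLE_END],
    }


def _build_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: a Dell Utility partition plus an active NTFS one."""
    def entry(status, ptype, start, count):
        return bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", start, count)
    table = entry(0x00, 0xDE, 63, 96327) + entry(0x80, 0x07, 96390, 150000000) + bytes(32)
    return bytes([boot_fill]) * BOOT_CODE_END + table + b"\x55\xaa"


BEFORE = _build_sample(0xAA)    # stands in for vendor or infected boot code
AFTER = _build_sample(0x90)     # stands in for standard boot code after a repair

if __name__ == "__main__":
    for part in parse_mbr(AFTER):
        print(part)
    print(compare_mbr(BEFORE, AFTER))
```

Saving sector 0 to a file before any MBR repair gives an image to compare against and to restore from if the repair removes boot code the machine relied on.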
     
  17. CameronTs

    CameronTs Techie7 New Member

    It's Dell
     
  18. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Do you have a Windows XP CD?

    Repair Dell MBR using these instructions: Using the Dell

    IMPORTANT!
    In section Creating a Dell MediaDirect Repair Utility CD, step 5, use ImgBurn: The Official ImgBurn Website to burn Dell MediaDirect Repair Utility A05.iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
     
  19. CameronTs

    CameronTs Techie7 New Member

    Nope, don't have the CD
     
  20. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Repair Dell MBR using these instructions: Using the Dell

    IMPORTANT!
    In section Creating a Dell MediaDirect Repair Utility CD, step 5, use ImgBurn: The Official ImgBurn Website to burn Dell MediaDirect Repair Utility A05.iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
     