OTL logfile created on: 1/19/2011 10:16:06 AM - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = D:\Documents and Settings\Matt & Katie\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): D:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 8.56 Gb Total Space | 0.31 Gb Free Space | 3.57% Space Free | Partition Type: FAT32
Drive D: | 140.48 Gb Total Space | 1.84 Gb Free Space | 1.31% Space Free | Partition Type: NTFS

Computer Name: MATTCHEW | User Name: Matt & Katie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\Matt & Katie\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - D:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - D:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - D:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - D:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - D:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - D:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)

========== Modules (SafeList) ==========

MOD - D:\Documents and Settings\Matt & Katie\Desktop\OTL.exe (OldTimer Tools)
MOD - D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - D:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)

========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (HidServ) -- File not found

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SCDEmu) -- D:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (nv) -- D:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvgts) -- D:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- D:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- D:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (RT73) -- D:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (nvata) -- D:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (StreamSurge) StreamSurge Driver (miniport) -- D:\WINDOWS\system32\drivers\ss.sys (WikiTek Inc.)
========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.entru.com/?s=21982
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/11 21:08:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/01/18 14:35:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/01/18 14:35:16 | 000,000,000 | ---D | M]

[2009/09/18 08:54:26 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Extensions
[2008/12/08 20:10:16 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/18 08:54:26 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/18 14:37:13 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\extensions
[2009/09/03 06:32:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/18 14:37:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/18 14:37:12 | 000,000,000 | ---D | M] ("StumbleUpon") -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/01/18 14:37:12 | 000,000,000 | ---D | M] (PitchDark) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2011/01/17 08:48:08 | 000,000,000 | ---D | M] (Yontoo Layers) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\extensions\plugin@yontoo.com
[2011/01/17 08:48:24 | 000,000,000 | ---D | M] (Search Toolbar) -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\extensions\searchtoolbar@zugo.com
[2011/01/17 08:48:25 | 000,001,919 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Application Data\Mozilla\Firefox\Profiles\sraz4s3o.default\searchplugins\bing-zugo.xml
[2011/01/18 14:25:08 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/01/18 14:35:00 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/11 21:08:53 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/29 15:38:34 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/10 15:32:58 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/04/07 15:58:15 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/07/09 17:35:09 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/21 23:20:17 | 000,000,000 | ---D | M] (Move Media Player) -- D:\DOCUMENTS AND SETTINGS\MATT & KATIE\APPLICATION DATA\MOVE NETWORKS
[2009/01/11 21:08:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/18 14:34:58 | 000,025,048 | ---- | M] (Mozilla Foundation) -- D:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/01/18 14:34:58 | 000,140,248 | ---- | M] (Mozilla Foundation) -- D:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/13 18:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- D:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 18:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/01/18 14:35:01 | 000,066,520 | ---- | M] (mozilla.org) -- D:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/02/17 13:44:17 | 000,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/02/17 13:44:17 | 000,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/02/17 13:44:17 | 000,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/02/17 13:44:17 | 000,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/02/17 13:44:17 | 000,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/02/17 13:44:17 | 000,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/02/17 13:44:17 | 000,143,360 | ---- | M] (Apple Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/01/18 14:35:08 | 000,001,394 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/01/18 14:35:09 | 000,002,193 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/01/17 10:49:03 | 000,001,919 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2011/01/18 14:35:09 | 000,001,534 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/01/18 14:35:09 | 000,002,344 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/01/18 14:35:09 | 000,002,371 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/01/18 14:35:09 | 000,001,178 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/01/18 14:35:09 | 000,001,096 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/01/17 17:28:20 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - D:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - D:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - D:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - D:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - D:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [F5D9050] D:\Program Files\Belkin\F5D9050\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] D:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [bitTorrent DNA] D:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = D:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - d:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\WINDOWS\system32\wbsys.dll) - D:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (LogonUI.EXE) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - D:\Program Files\Common Files\stardock\MCPCore.dll (Stardock)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Matt & Katie\Desktop\44.PNG
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Matt & Katie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 10:15:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Matt & Katie\Desktop\OTL.exe
[2011/01/18 14:40:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/01/18 14:40:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Adobe
[2011/01/17 17:40:59 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/01/17 17:10:37 | 000,000,000 | ---D | C] -- D:\AVGTemp
[2011/01/17 17:01:40 | 000,000,000 | ---D | C] -- D:\WINDOWS\CSC
[2011/01/17 16:47:25 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Matt & Katie\Recent
[2011/01/17 14:36:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SafeReturner
[2011/01/17 11:00:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Sun
[2011/01/17 10:50:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/01/17 10:48:56 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\%APPDATA%
[2011/01/17 08:48:04 | 000,000,000 | ---D | C] -- D:\Program Files\Yontoo Layers Client
[2011/01/17 08:48:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/01/17 02:39:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/01/17 02:39:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/16 03:15:29 | 000,000,000 | ---D | C] -- D:\Program Files\FLAC
[2011/01/16 03:15:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\FLAC
[2011/01/13 18:07:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Matt & Katie\Desktop\S_Trem
[2011/01/04 20:35:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Matt & Katie\Gabrielized Loops
[2011/01/03 20:31:14 | 000,000,000 | ---D | C] -- D:\DrumCore Data
[2011/01/03 18:59:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Matt & Katie\Desktop\temp
[2011/01/03 18:38:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Matt & Katie\Desktop\Carpe Noctem
[2011/01/03 17:49:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Matt & Katie\Desktop\mp3
[2011/01/01 00:19:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Submersible
[2010/12/31 19:46:21 | 000,000,000 | ---D | C] -- D:\DrumCore Data.old
[2010/12/31 15:36:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Matt & Katie\Desktop\EP
[2010/12/30 22:40:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/30 22:26:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wab.exe
[2010/12/30 22:24:47 | 000,974,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mfc42.dll
[2010/12/30 22:24:47 | 000,953,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mfc40u.dll
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 10:18:26 | 000,761,344 | ---- | M] () -- D:\WINDOWS\System32\drivers\geqttm.sys
[2011/01/19 10:16:38 | 000,296,448 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\y68m67i6.exe
[2011/01/19 10:16:10 | 000,000,436 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{37F52C48-EE75-4830-8F76-4C4F757B1D8C}.job
[2011/01/19 10:15:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Matt & Katie\Desktop\OTL.exe
[2011/01/18 22:52:56 | 000,097,365 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\166348_1620279461716_1078313851_31449070_7574573_n.jpg
[2011/01/18 22:35:45 | 008,233,032 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\09 Ballad Of A Cynic.mp3
[2011/01/18 21:51:55 | 000,000,032 | ---- | M] () -- D:\WINDOWS\System32\w3data.vss
[2011/01/18 21:51:55 | 000,000,032 | ---- | M] () -- D:\WINDOWS\System32\msvcsv60.dll
[2011/01/18 21:51:55 | 000,000,032 | ---- | M] () -- D:\WINDOWS\msocreg32.dat
[2011/01/18 20:44:16 | 000,026,461 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\bohemian_grove2.jpg
[2011/01/18 19:40:19 | 000,010,593 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\Assignments.docx
[2011/01/18 13:40:53 | 000,054,016 | ---- | M] () -- D:\WINDOWS\System32\drivers\qmqb.sys
[2011/01/18 03:16:59 | 001,230,907 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\44.PNG
[2011/01/18 03:13:51 | 000,425,777 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\222.png
[2011/01/18 03:12:00 | 000,508,741 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\11.png
[2011/01/18 03:09:24 | 001,253,946 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\4.png
[2011/01/18 03:08:40 | 001,325,649 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\3.png
[2011/01/18 03:06:21 | 000,917,343 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\2.png
[2011/01/18 03:05:07 | 000,838,158 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\100_3003_PopArt_7.png
[2011/01/17 19:47:59 | 000,083,466 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\Desktop\12.JPG
[2011/01/17 17:35:32 | 000,054,016 | ---- | M] () -- D:\WINDOWS\System32\drivers\pdcqgjh.sys
[2011/01/17 17:28:28 | 000,201,106 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2011/01/17 17:28:20 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/01/17 17:28:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/01/17 17:00:21 | 000,000,163 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\default.pls
[2011/01/17 16:51:50 | 000,410,288 | ---- | M] () -- 
D:\WINDOWS\System32\FNTCACHE.DAT [2011/01/17 16:46:49 | 000,197,934 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\My Documents\Registry Jan 17th.reg [2011/01/17 16:27:47 | 000,000,120 | ---- | M] () -- D:\WINDOWS\Kyelikerevaf.dat [2011/01/17 15:12:50 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat [2011/01/17 10:49:52 | 000,069,632 | RHS- | M] () -- D:\WINDOWS\System32\sndrec32E.dll [2011/01/17 08:49:37 | 000,000,000 | ---- | M] () -- D:\WINDOWS\Iyidites.bin [2011/01/16 03:15:29 | 000,001,525 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk [2011/01/14 12:52:02 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/01/10 05:21:00 | 000,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini [2011/01/03 20:32:08 | 000,233,472 | ---- | M] (Propellerhead Software AB) -- D:\WINDOWS\System32\REX Shared Library.dll [2011/01/03 17:49:41 | 000,379,041 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\My Documents\Record Static-SoundBible.com-306727640.mp3 [2011/01/02 21:08:44 | 000,570,698 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\My Documents\095 AW ND.rx2 [2011/01/02 21:00:38 | 000,018,546 | ---- | M] () -- D:\Documents and Settings\Matt & Katie\gmon.out [2010/12/31 03:04:40 | 000,435,700 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2010/12/31 03:04:39 | 000,068,214 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [2010/12/30 15:35:02 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys [5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/01/19 10:16:37 | 000,296,448 | ---- | C] () -- D:\Documents 
and Settings\Matt & Katie\Desktop\y68m67i6.exe [2011/01/18 22:52:56 | 000,097,365 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\166348_1620279461716_1078313851_31449070_7574573_n.jpg [2011/01/18 22:35:33 | 008,233,032 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\09 Ballad Of A Cynic.mp3 [2011/01/18 20:44:16 | 000,026,461 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\bohemian_grove2.jpg [2011/01/18 19:40:19 | 000,010,593 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\Assignments.docx [2011/01/18 13:40:53 | 000,054,016 | ---- | C] () -- D:\WINDOWS\System32\drivers\qmqb.sys [2011/01/18 03:16:59 | 001,230,907 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\44.PNG [2011/01/18 03:13:50 | 000,425,777 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\222.png [2011/01/18 03:11:59 | 000,508,741 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\11.png [2011/01/18 03:09:23 | 001,253,946 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\4.png [2011/01/18 03:08:39 | 001,325,649 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\3.png [2011/01/18 03:06:21 | 000,917,343 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\2.png [2011/01/18 03:05:07 | 000,838,158 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\100_3003_PopArt_7.png [2011/01/17 19:31:21 | 000,083,466 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Desktop\12.JPG [2011/01/17 17:44:53 | 000,000,032 | ---- | C] () -- D:\WINDOWS\System32\msvcsv60.dll [2011/01/17 17:35:32 | 000,054,016 | ---- | C] () -- D:\WINDOWS\System32\drivers\pdcqgjh.sys [2011/01/17 17:17:10 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe [2011/01/17 17:17:10 | 000,089,088 | ---- | C] () -- D:\WINDOWS\MBR.exe [2011/01/17 16:46:40 | 000,197,934 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\My Documents\Registry Jan 17th.reg [2011/01/17 10:49:52 | 
000,069,632 | RHS- | C] () -- D:\WINDOWS\System32\sndrec32E.dll [2011/01/17 08:49:37 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Kyelikerevaf.dat [2011/01/17 08:49:37 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Iyidites.bin [2011/01/17 08:48:03 | 000,761,344 | ---- | C] () -- D:\WINDOWS\System32\drivers\geqttm.sys [2011/01/16 03:15:29 | 000,001,525 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\FLAC Frontend.lnk [2011/01/03 17:49:40 | 000,379,041 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\My Documents\Record Static-SoundBible.com-306727640.mp3 [2011/01/02 21:08:44 | 000,570,698 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\My Documents\095 AW ND.rx2 [2011/01/02 21:00:38 | 000,018,546 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\gmon.out [2010/07/09 18:48:46 | 000,000,017 | ---- | C] () -- D:\WINDOWS\PCMGMP.INI [2010/06/29 20:18:47 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\F5D9050.dll [2010/04/07 00:16:40 | 000,015,802 | -HS- | C] () -- D:\Documents and Settings\Matt & Katie\Local Settings\Application Data\C6158646 [2010/04/07 00:16:40 | 000,015,802 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\C6158646 [2010/02/23 20:54:15 | 000,013,094 | -HS- | C] () -- D:\Documents and Settings\Matt & Katie\Local Settings\Application Data\Xi7h20PI0 [2010/02/19 14:37:32 | 000,061,678 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Application Data\PFP110JPR.{PB [2010/02/19 14:37:32 | 000,012,358 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Application Data\PFP110JCM.{PB [2009/12/27 23:07:49 | 000,000,040 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\.zreglib [2009/03/20 01:35:41 | 000,000,024 | ---- | C] () -- D:\WINDOWS\LogonStudio.ini [2009/03/20 01:34:27 | 000,187,392 | ---- | C] () -- D:\WINDOWS\System32\JPGUtils.dll [2009/01/22 15:26:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS\WB.ini [2008/12/23 20:28:10 | 000,000,116 | ---- | C] () -- 
D:\WINDOWS\NeroDigital.ini [2008/12/18 15:38:08 | 000,064,000 | ---- | C] () -- D:\Documents and Settings\Matt & Katie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/12/07 07:35:27 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI [2008/11/21 15:47:52 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll [2008/09/17 09:55:00 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll [2008/09/17 09:55:00 | 001,507,328 | ---- | C] () -- D:\WINDOWS\System32\nview.dll [2008/09/17 09:55:00 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll [2008/09/17 09:55:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll [2008/09/17 09:55:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll [2006/01/20 11:56:58 | 000,086,016 | ---- | C] () -- D:\WINDOWS\System32\Machinist2.dll [2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll [2002/02/28 17:30:13 | 000,089,600 | ---- | C] () -- D:\WINDOWS\System32\mp4fil32.dll ========== LOP Check ========== [2010/01/06 21:29:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Avery [2009/01/22 13:11:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Grisoft [2009/01/14 21:52:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\LOUD Technologies [2008/12/09 11:38:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NexonUS [2008/12/07 16:17:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2011/01/17 14:36:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SafeReturner [2009/12/27 23:07:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SlySoft [2010/06/10 20:07:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SpeedBit [2011/01/01 
00:19:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Submersible [2011/01/17 08:48:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Tarma Installer [2011/01/08 19:18:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP [2011/01/18 21:55:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Tracktion 3 [2009/02/02 12:24:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009/04/17 16:43:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{B912DA22-7AAD-474B-8C8F-D82FF0C33BF5} [2010/06/22 07:41:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\Antares [2011/01/19 02:03:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\BitTorrent [2011/01/19 10:12:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\DNA [2009/10/01 17:17:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\FinalBurner Video DVD [2009/02/02 00:25:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\GetRightToGo [2008/12/07 13:57:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\Grisoft [2009/10/01 17:13:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\ImgBurn [2008/12/23 19:49:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\InfraRecorder [2010/08/28 23:16:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\LimeWire [2010/01/06 21:03:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\Office Depot Labels Software [2009/03/05 13:31:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & 
Katie\Application Data\Submersible [2011/01/18 21:55:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Matt & Katie\Application Data\Tracktion 3 [2011/01/19 10:16:10 | 000,000,436 | -H-- | M] () -- D:\WINDOWS\Tasks\User_Feed_Synchronization-{37F52C48-EE75-4830-8F76-4C4F757B1D8C}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0 < End of report > OTL Extras logfile created on: 1/19/2011 10:16:06 AM - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = D:\Documents and Settings\Matt & Katie\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free Paging file location(s): D:\pagefile.sys 672 1344 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 8.56 Gb Total Space | 0.31 Gb Free Space | 3.57% Space Free | Partition Type: FAT32 Drive D: | 140.48 Gb Total Space | 1.84 Gb Free Space | 1.31% Space Free | Partition Type: NTFS Computer Name: MATTCHEW | User Name: Matt & Katie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "D:\Nexon\Combat Arms\CombatArms.exe" = D:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "D:\Nexon\Combat Arms\Engine.exe" = D:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "D:\Program Files\DNA\btdna.exe" = D:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "D:\Program Files\BitTorrent\bittorrent.exe" = D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "D:\Program Files\Mozilla Firefox\firefox.exe" = D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "D:\Program Files\Java\jre6\bin\rmiregistry.exe" = D:\Program Files\Java\jre6\bin\rmiregistry.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{11E5BA77-46D3-491C-988A-6B1E7FB78BB2}" = 183086 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{246B1C35-590F-4B2F-B1B3-6CF57E752EE7}" = GEAR driver installer for x86 and x64 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 20 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{70DBE9DF-EB33-4B56-BCB5-08D5A400A79A}" = SampleTank 2.x SE "{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BA8D8DE-C7DF-4E65-9099-05475BB53663}" = AmpliTube 1.x LE "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01 "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DAA0D4D-C955-4294-8BAA-F127118B5F5E}" = 183317 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP) "{BF26E713-43CD-43AD-AF28-A905C1E26D8C}" = DVDneXtCOPY3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "AnalogX AutoTune" = AnalogX AutoTune "Antares Autotune VST_is1" = Antares Autotune VST v5.09 "AviSynth" = AviSynth 2.5 "BitTorrent" = BitTorrent "CCleaner" = CCleaner (remove only) "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP) "DVDneXtCOPY" = DVDneXtCOPY "FLAC" = FLAC 1.2.1b (remove only) "Garritan GPO Tracktion 3 Edition" = Garritan GPO Tracktion 3 Edition "ie8" = Windows Internet Explorer 8 "InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition "Lexicon" = Lexicon "Link.USB" = Link.USB "Machinist2DLL" = Machinist2DLL "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "PowerISO" = PowerISO "PUBLISHER" = Microsoft Office Publisher 2007 "SpeedBit Video Downloader" = SpeedBit Video Downloader "Tracktion 3.0_is1" = Tracktion 3.0.4.8 "VLC media player" = VLC media player 1.0.1 "VobSub" = VobSub v2.23 (Remove Only) "Win AVI HelixSDK_is1" = Win AVI HelixSDK "WinAVI Video Converter_is1" = WinAVI Video Converter "WindowBlinds" = WindowBlinds "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WORD" = 
Microsoft Office Word 2007 "YouTube Downloader App" = YouTube Downloader App 1.03 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "Move Media Player" = Move Media Player "World of Warcraft Trial" = World of Warcraft Trial ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/17/2011 6:16:37 PM | Computer Name = MATTCHEW | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845. Error - 1/17/2011 6:31:50 PM | Computer Name = MATTCHEW | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80110472 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 1/17/2011 6:31:50 PM | Computer Name = MATTCHEW | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Error - 1/17/2011 6:57:25 PM | Computer Name = MATTCHEW | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80110472 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 1/17/2011 6:57:25 PM | Computer Name = MATTCHEW | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. 
Error - 1/17/2011 7:25:25 PM | Computer Name = MATTCHEW | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 1/17/2011 7:25:25 PM | Computer Name = MATTCHEW | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 1/17/2011 7:25:29 PM | Computer Name = MATTCHEW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error - 1/17/2011 7:25:38 PM | Computer Name = MATTCHEW | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 1/17/2011 7:25:39 PM | Computer Name = MATTCHEW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

[ OSession Events ]
Error - 2/19/2010 4:48:23 PM | Computer Name = MATTCHEW | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 108 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/13/2011 12:02:18 AM | Computer Name = MATTCHEW | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network address 00173F74E5C9 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error - 1/16/2011 4:48:28 PM | Computer Name = MATTCHEW | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network address 00173F74E5C9 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error - 1/16/2011 4:49:33 PM | Computer Name = MATTCHEW | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F74E5C9. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error - 1/17/2011 5:15:33 AM | Computer Name = MATTCHEW | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056

Error - 1/17/2011 10:48:03 AM | Computer Name = MATTCHEW | Source = Service Control Manager | ID = 7000
Description = The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: %%31

Error - 1/17/2011 1:50:56 PM | Computer Name = MATTCHEW | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F74E5C9. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error - 1/17/2011 1:51:04 PM | Computer Name = MATTCHEW | Source = Service Control Manager | ID = 7023
Description = The MicroSoft AutoThemes Manager service terminated with the following error: %%126

Error - 1/17/2011 1:51:08 PM | Computer Name = MATTCHEW | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: nvata

Error - 1/17/2011 1:51:56 PM | Computer Name = MATTCHEW | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%2147549465

Error - 1/17/2011 1:52:22 PM | Computer Name = MATTCHEW | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register with DCOM within the required timeout.
< End of report >

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-19 14:50:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST316081 rev.3.AH
Running: y68m67i6.exe; Driver: D:\DOCUME~1\MATT&K~1\LOCALS~1\Temp\pwloypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text geqttm.sys B9EAB000 7 Bytes JMP B9EDB2F5 geqttm.sys
.text geqttm.sys B9EAB008 10 Bytes JMP 64DFB49A
.text geqttm.sys B9EAB013 77 Bytes [8B, 45, 00, 66, 0F, BE, D3, ...]
.text geqttm.sys B9EAB062 9 Bytes [60, F9, 83, C5, 02, E9, B4, ...]
.text geqttm.sys B9EAB06C 29 Bytes [0F, 8D, 12, 0C, 00, 00, 60, ...]
.text ...
? D:\WINDOWS\system32\drivers\geqttm.sys A device attached to the system is not functioning.
PAGE Ntfs.sys B9D46E55 4 Bytes CALL 8A4958E1
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8551360, 0x35363F, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A51D950
Device \Driver\Tcpip \Device\Ip 8A14A418
Device \Driver\Tcpip \Device\Tcp 8A14A418
Device \Driver\Tcpip \Device\Udp 8A14A418
Device \Driver\Tcpip \Device\RawIp 8A14A418
Device \Driver\Tcpip \Device\IPMULTICAST 8A14A418

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] geqttm <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@hshxgtt -1705773241
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@hshxgtt -1705773241
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@Group Boot Bus Extender

And also, I got AVG to uninstall and ran ComboFix.
Every program that I've used to detect and remove it says it will be removed upon reboot, but no such luck. I always pick it up with Malwarebytes again.
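The GMER "Services" and "Registry" sections above are the part of this post that actually identifies the persistence: a service the SCM does not list, registered as a kernel driver (Type 1) that loads at boot (Start 0) in the "Boot Bus Extender" group, with a random-looking value name (hshxgtt), and present in more than one control set. The script below is an added example, not part of the original post and not GMER's or OTL's code; it parses those two sections from a pasted log and flags every service that shows those traits, so the same triage can be applied to other GMER logs. The sample log is constructed from the lines quoted in the post plus a made-up MBAMSwissArmy control entry (Start 3, with an ImagePath) to show that an ordinary, visible driver is not flagged; GMER itself would not normally print a visible driver in its Registry section. The set of standard value names and the meaning of Type/Start are assumptions based on documented Windows service-key layout.

```python
"""Triage the 'Services' and 'Registry' sections of a GMER log.

Added example; not GMER's own code. It rebuilds one record per service
from 'Service (...)' and 'Reg HKLM\\SYSTEM\\...\\Services\\<name>@<value>'
lines and flags the traits that mark a boot-start rootkit driver.
"""
import re
from collections import defaultdict

# Constructed sample: the geqttm lines are copied from the post; the
# MBAMSwissArmy lines are made up here as a benign control entry.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] geqttm <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@hshxgtt -1705773241
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\geqttm@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@hshxgtt -1705773241
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geqttm@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys
"""

SERVICE_RE = re.compile(
    r"^Service\s+\((?P<flags>[^)]*)\)\s+\[(?P<start>[A-Za-z]+)\]\s+(?P<name>\S+)(?P<note>.*)$")
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<set>\w+)\\Services\\(?P<name>[^\\@]+)@(?P<value>\S+)\s*(?P<data>.*)$")

# Value names Windows itself writes under a service key (assumption:
# anything outside this set is worth a second look).
STANDARD_VALUES = {"Type", "Start", "ErrorControl", "ImagePath", "DisplayName",
                   "Group", "Tag", "DependOnService", "DependOnGroup",
                   "ObjectName", "Description"}
SERVICE_KERNEL_DRIVER = 1   # Type value for a kernel-mode driver
SERVICE_BOOT_START = 0      # Start value for a boot-start driver


def parse_gmer(text):
    """Return {service_name: record} built from the GMER lines in text."""
    services = defaultdict(lambda: {"hidden": False, "gmer_start": "",
                                    "gmer_note": "", "control_sets": set(),
                                    "values": {}})
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            rec = services[m.group("name")]
            rec["hidden"] = "hidden" in m.group("flags")
            rec["gmer_start"] = m.group("start")
            rec["gmer_note"] = m.group("note").strip()
            continue
        m = REG_RE.match(line)
        if m:
            rec = services[m.group("name")]
            rec["control_sets"].add(m.group("set"))
            rec["values"][m.group("value")] = m.group("data").strip()
    return dict(services)


def _int(values, key):
    try:
        return int(values[key])
    except (KeyError, ValueError):
        return None


def assess(services):
    """Return {service_name: [reasons]} for every service with a red flag."""
    findings = {}
    for name, rec in services.items():
        vals, reasons = rec["values"], []
        if rec["hidden"]:
            reasons.append("hidden from the service list GMER compared against")
        if (_int(vals, "Type") == SERVICE_KERNEL_DRIVER
                and _int(vals, "Start") == SERVICE_BOOT_START):
            reasons.append("kernel driver with Start=0: loads at boot, before user-mode tools")
        if vals.get("Group") == "Boot Bus Extender":
            reasons.append("in the 'Boot Bus Extender' group, the earliest driver load group")
        odd = sorted(set(vals) - STANDARD_VALUES)
        if odd:
            reasons.append("non-standard value name(s): " + ", ".join(odd))
        if len(rec["control_sets"]) > 1:
            reasons.append("registered in " + ", ".join(sorted(rec["control_sets"]))
                           + ": a Last Known Good boot would still load it")
        if reasons:
            findings[name] = reasons
    return findings


def report(text):
    """Human-readable summary of assess(parse_gmer(text))."""
    out = []
    for name, reasons in sorted(assess(parse_gmer(text)).items()):
        out.append(name + ":")
        out.extend("  - " + r for r in reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on the sample and only geqttm is reported, with all five traits; the constructed MBAMSwissArmy entry (demand-start, standard values, one control set) produces nothing. Paste a different GMER log into `report()` to apply the same checks.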