BleepingComputer.com: Windows Defender

Guys, I wanted a little help out here. I'm using windows vista and was trying to check the capabilities of Windows Defender. I installed a keylogger named "All in One keylogger" and tried to see in windows defender if it is visible in the 'currently running programs' for all users but to my surprise..it was'nt there. Now I fear, there might be many other unwanted programs running in my computer..Can someone please suggest any software that shows ALL the current running programs so that I can disable all the Unwanted programs that I don't want?

Some of the keyloggers and trojans are UNDETECTED by anti viruses..can someone please guide me about what to do about them?

Thanks in Advance

And the keylogger is'nt even appearing in the 'Startup Program' list. [for all users]

and one more thing guys, after unchecking 'Hide program from task manager' option in the keylogger screen..now, its visible in the windows defender software explorer screen as 'indexer file' and 'sver'..I don't have any idea but guys please suggest a program that shows ALL program that are running

You might try WinPatrol.

Process Explorer should help
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

garmanma, on Nov 16 2009, 06:53 AM, said:

I tired using it. its not visible in process explorer.

Though its visible in 'autoruns'.

Try one of these

Please download SINO by Artellos from here

• Save SINO to a place you can remember and run SINO.exe.
  
• Then please check the following checkboxes:
  [CODEX]System Info
  Services
  Boot Check
  Tasklist
  Startup Items
  Ipconfig
  Ping
  Netstat
  Hosts file
  Shares
  Routing Table[/CODEX]
  
• Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  
• A notepad file will pop up, Please copy and paste the content of the notepad into your next reply.

Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.

==================================

• download OTL from one of the following mirrors:
  • This is THE Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Push the button.
  
• Two reports will open, :
  • OTListIt.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized

sir here are the contents of the notepad after running sino

System Investigator by Olrik
Log Created On: 1240_17-11-2009
SINO Version: 2.4.9.9

Total RAM: 638 MB | Free RAM: 203 MB | Pagefile Size: 1024 MB
A: | None | 3 1/2 Inch Floppy Drive
C: | 8685 MB out of 30718 MB Free | Local Fixed Disk
D: | 58184 MB out of 83745 MB Free | Local Fixed Disk

<<<< System Information >>>>

Computer Name: SAM-PC
Username: SAM
Language Setting: ENU
Windows Directory: C:\Windows
Windows Version: Windows Vista
UAC Status: On

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[smss.exe] - Process ID: 368
[C:\Windows\system32\csrss.exe] - Process ID: 436
[C:\Windows\system32\wininit.exe] - Process ID: 480
[C:\Windows\system32\csrss.exe] - Process ID: 488
[C:\Windows\system32\winlogon.exe] - Process ID: 524
[C:\Windows\system32\services.exe] - Process ID: 560
[C:\Windows\system32\lsass.exe] - Process ID: 580
[C:\Windows\system32\lsm.exe] - Process ID: 588
[C:\Windows\system32\svchost.exe] - Process ID: 756
[c:\windows\system32\ggvokl.exe] - Process ID: 800
[C:\Windows\system32\svchost.exe] - Process ID: 832
[C:\Windows\System32\svchost.exe] - Process ID: 860
[C:\Windows\System32\svchost.exe] - Process ID: 996
[C:\Windows\System32\svchost.exe] - Process ID: 1024
[C:\Windows\system32\svchost.exe] - Process ID: 1036
[audiodg.exe] - Process ID: 1116
[C:\Windows\system32\SLsvc.exe] - Process ID: 1152
[C:\Windows\system32\svchost.exe] - Process ID: 1236
[C:\Windows\system32\svchost.exe] - Process ID: 1364
[C:\Windows\System32\spoolsv.exe] - Process ID: 1552
[C:\Windows\system32\svchost.exe] - Process ID: 1576
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] - Process ID: 1780
[C:\Program Files\Bonjour\mDNSResponder.exe] - Process ID: 1804
[C:\Windows\system32\svchost.exe] - Process ID: 1852
[C:\Windows\system32\svchost.exe] - Process ID: 380
[C:\Windows\System32\svchost.exe] - Process ID: 400
[C:\Windows\system32\SearchIndexer.exe] - Process ID: 692
[C:\Windows\system32\Dwm.exe] - Process ID: 908
[C:\Windows\Explorer.EXE] - Process ID: 1840
[C:\Windows\system32\taskeng.exe] - Process ID: 1812
[C:\Program Files\Windows Defender\MSASCui.exe] - Process ID: 2176
[C:\Program Files\iTunes\iTunesHelper.exe] - Process ID: 2192
[C:\Windows\System32\wpcumi.exe] - Process ID: 2200
[c:\program files\bqjftllatpd\ggvok.exe] - Process ID: 2216
[C:\Program Files\AoboBlocker\AoboBlocker.exe] - Process ID: 2240
[C:\Program Files\Windows Media Player\wmpnscfg.exe] - Process ID: 2276
[c:\program files\bqjftllatpd\ggvok.exe] - Process ID: 2300
[C:\Windows\system32\taskeng.exe] - Process ID: 2708
[C:\Program Files\Windows Media Player\wmpnetwk.exe] - Process ID: 3060
[C:\Program Files\iPod\bin\iPodService.exe] - Process ID: 3492
[C:\Users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe] - Process ID: 284
[C:\Windows\servicing\TrustedInstaller.exe] - Process ID: 396
[C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe] - Process ID: 3248
[C:\Users\SAM\AppData\Local\Google\Chrome\Application\chrome.exe] - Process ID: 3704
[C:\Users\SAM\AppData\Local\Google\Chrome\Application\chrome.exe] - Process ID: 2268
[C:\Users\SAM\AppData\Local\Temp\SINO\SINO.exe] - Process ID: 2160
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 4008
[C:\Windows\system32\wbem\WmiApSrv.exe] - Process ID: 3416
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 296

<<<< Startup Items >>>>

[Sidebar] - <HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
[WindowsWelcomeCenter] - <HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - rundll32.exe oobefldr.dll,ShowWelcomeCenter
[Sidebar] - <HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
[WindowsWelcomeCenter] - <HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - rundll32.exe oobefldr.dll,ShowWelcomeCenter
[uTorrent] - <HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\uTorrent\uTorrent.exe"
[Messenger (Yahoo!)] - <HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[WMPNSCFG] - <HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Windows Media Player\WMPNSCFG.exe
[Windows Defender] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
[QuickTime Task] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\iTunes\iTunesHelper.exe"
[WPCUMI] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Windows\system32\WpcUmi.exe
[AoboBlocker] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\AoboBlocker\AoboBlocker.exe

<<<< MS Services >>>>

Windows Audio (Audiosrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Background Intelligent Transfer Service (BITS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Windows Event Log (Eventlog) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
COM+ Event System (EventSystem) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Workstation (LanmanWorkstation) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k LocalService
TCP/IP NetBIOS Helper (lmhosts) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
IPsec Policy Agent (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Remote Access Connection Manager (RasMan) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
System Event Notification Service (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
SSDP Discovery (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Terminal Services (TermService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
UPnP Device Host (upnphost) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Management Instrumentation (Winmgmt) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
WMI Performance Adapter (wmiApSrv) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\wbem\WmiApSrv.exe
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows Update (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Application Layer Gateway Service (ALG) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\alg.exe
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Wired AutoConfig (dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Extensible Authentication Protocol (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Media Center Receiver Service (ehRecvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehRecvr.exe
Windows Media Center Scheduler Service (ehSched) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehsched.exe
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Human Interface Device Access (hidserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Health Key and Certificate Management (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\msdtc.exe
Windows Installer (msiserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\msiexec /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Netlogon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Protected Storage (ProtectedStorage) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k regsvc
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\locator.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Internet Connection Sharing (ICS) (SharedAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Microsoft Software Shadow Copy Provider (swprv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k swprv
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\vssvc.exe

<<<< Non-MS Services >>>>

Application Experience (AeLookupSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Application Information (Appinfo) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Windows Audio Endpoint Builder (AudioEndpointBuilder) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Base Filtering Engine (BFE) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Bonjour Service (Bonjour Service) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Bonjour\mDNSResponder.exe"
bsvxyirxaqnton (bsvxyirxaqnton) - Running [Auto | Not_Stoppable | Not_Pausable] - c:\windows\system32\ggvokl.exe
Offline Files (CscService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Diagnostic Policy Service (DPS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
ReadyBoost (EMDMgmt) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Function Discovery Provider Host (fdPHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Resource Publication (FDResPub) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Group Policy Client (gpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
IKE and AuthIP IPsec Keying Modules (IKEEXT) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
IP Helper (iphlpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetSvcs
iPod Service (iPod Service) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\iPod\bin\iPodService.exe"
KtmRm for Distributed Transaction Coordinator (KtmRm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Multimedia Class Scheduler (MMCSS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Firewall (MpsSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Network List Service (netprofm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Network Location Awareness (NlaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Network Store Interface Service (nsi) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Peer Networking Identity Manager (p2pimsvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Program Compatibility Assistant Service (PcaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Peer Name Resolution Protocol (PNRPsvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
User Profile Service (ProfSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Software Licensing (slsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SLsvc.exe
Superfetch (SysMain) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Tablet PC Input Service (TabletInputService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Modules Installer (TrustedInstaller) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\servicing\TrustedInstaller.exe
Desktop Window Manager Session Manager (UxSms) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Diagnostic System Host (WdiSystemHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Error Reporting Service (WerSvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k WerSvcGroup
Windows Defender (WinDefend) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k secsvcs
Parental Controls (WPCSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Portable Device Enumerator Service (WPDBusEnum) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Search (WSearch) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SearchIndexer.exe /Embedding
Certificate Propagation (CertPropSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
DFS Replication (DFSR) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\DFSR.exe
Windows Media Center Service Launcher (ehstart) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Fax (Fax) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\fxssvc.exe
PnP-X IP Bus Enumerator (IPBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
CNG Key Isolation (KeyIso) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Link-Layer Topology Discovery Mapper (lltdsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Media Center Extender Service (Mcx2Svc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Microsoft iSCSI Initiator Service (MSiSCSI) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Peer Networking Grouping (p2psvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Performance Logs & Alerts (pla) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
PNRP Machine Name Publication Service (PNRPAutoReg) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Quality Windows Audio Video Experience (QWAVE) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Smart Card Removal Policy (SCPolicySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Backup (SDRSVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k SDRSVC
Terminal Services Configuration (SessionEnv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
SL UI Notification Service (SLUINotify) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
SNMP Trap (SNMPTRAP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\snmptrap.exe
TPM Base Services (TBS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Thread Ordering Server (THREADORDER) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Interactive Services Detection (UI0Detect) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\UI0Detect.exe
Terminal Services UserMode Port Redirector (UmRdpService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Virtual Disk (vds) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\vds.exe
Block Level Backup Engine Service (wbengine) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\system32\wbengine.exe"
Windows Connect Now - Config Registrar (wcncsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Color System (WcsPlugInService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k wcssvc
Diagnostic Service Host (WdiServiceHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k wdisvc
Windows Event Collector (Wecsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Problem Reports and Solutions Control Panel Support (wercplsupport) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Remote Management (WS-Management) (WinRM) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
WLAN AutoConfig (Wlansvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

<<<< bcdedit >>>>


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {d9d96ed3-c9ed-11de-9bd7-d3bd00db5e60}
nx OptIn

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: SAM-PC | ID: 2004 | Source: usbperf | Type: Error | Date: 17-11-9 12:39:58 | Log: Application
Message: Usbperf data collection failed. Collect function called with usupported Query Type.


Computer Name: SAM-PC | ID: 1017 | Source: Perflib | Type: Error | Date: 17-11-9 12:39:54 | Log: Application
Message: <The description for Event ID ( 1017 ) in Source ( u'Perflib' ) could not be found. It contains the following insertion string(s):u'PolicyAgent'.>

Computer Name: SAM-PC | ID: 1005 | Source: Perflib | Type: Error | Date: 17-11-9 12:39:54 | Log: Application
Message: <The description for Event ID ( 1005 ) in Source ( u'Perflib' ) could not be found. It contains the following insertion string(s):u'OpenIPSecPerformanceData, C:\\Windows\\System32\\ipsecsvc.dll, PolicyAgent, 4'.>

Computer Name: SAM-PC | ID: 1010 | Source: Perflib | Type: Error | Date: 17-11-9 12:39:52 | Log: Application
Message: <The description for Event ID ( 1010 ) in Source ( u'Perflib' ) could not be found. It contains the following insertion string(s):u'EmdCache, C:\\Windows\\system32\\emdmgmt.dll, 4'.>

Computer Name: SAM-PC | ID: 1008 | Source: Perflib | Type: Error | Date: 17-11-9 12:39:52 | Log: Application
Message: <The description for Event ID ( 1008 ) in Source ( u'Perflib' ) could not be found. It contains the following insertion string(s):u'DFSR, C:\\Windows\\System32\\DfsrPerf.dll, 4'.>

<<<< Last 5 System Errors or Warnings >>>>

Computer Name: SAM-PC | ID: 6037 | Source: LsaSrv | Type: Warning | Date: 17-11-9 12:24:57 | Log: System
Message: The program lsass.exe, with the assigned process ID 580, could not authenticate locally by using the target name host/\\SAM-PC. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.

Try a different target name.


Computer Name: SAM-PC | ID: 6008 | Source: EventLog | Type: Error | Date: 17-11-9 12:9:59 | Log: System
Message: The previous system shutdown at 9:26:31 AM on 11/17/2009 was unexpected.


Computer Name: SAM-PC | ID: 1002 | Source: Dhcp | Type: Error | Date: 17-11-9 8:51:25 | Log: System
Message: The IP address lease 192.168.1.3 for the Network Card with network address 00E04CFF133D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Computer Name: SAM-PC | ID: 1003 | Source: Dhcp | Type: Warning | Date: 17-11-9 8:51:25 | Log: System
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00E04CFF133D. The following error occurred:
%%2163146757. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


Computer Name: SAM-PC | ID: 6008 | Source: EventLog | Type: Error | Date: 17-11-9 8:51:23 | Log: System
Message: The previous system shutdown at 1:16:07 AM on 11/17/2009 was unexpected.


<<<< Special Events >>>>

There were no special events found<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : SAM-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC #2
Physical Address. . . . . . . . . : 00-E0-4C-FF-13-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::81e0:6b7d:dc4e:c7d0%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 17, 2009 12:12:54 PM
Lease Expires . . . . . . . . . . : Wednesday, November 18, 2009 12:12:54 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234938444
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:cf2e:3096:e2:fbf8:8557:31fd(Preferred)
Link-local IPv6 Address . . . . . : fe80::e2:fbf8:8557:31fd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{DCFE6970-BF40-47DC-AA98-43523EC8E95C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.3%11(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [208.69.38.150]:

Packets: Sent = 4, Received = 0, Lost = 4
Minimum = None - Maximum = None

OpenDNS IP Test
Pinging to 208.67.222.222 [208.67.222.222]:

Packets: Sent = 4, Received = 0, Lost = 4
Minimum = None - Maximum = None

YouTube Domain Test
Pinging to www.youtube.com [209.85.231.102]:

Packets: Sent = 4, Received = 0, Lost = 4
Minimum = None - Maximum = None

YouTube IP Test
Pinging to 208.117.236.69 [208.117.236.69]:

Packets: Sent = 4, Received = 0, Lost = 4
Minimum = None - Maximum = None

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
nsi
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING
[services.exe]
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING
[mDNSResponder.exe]
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:27015 127.0.0.1:49209 ESTABLISHED
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:49209 127.0.0.1:27015 ESTABLISHED
[iTunesHelper.exe]
TCP 192.168.1.3:139 0.0.0.0:0 LISTENING

Can not obtain ownership information
TCP 192.168.1.3:49409 209.85.231.99:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49410 209.85.231.100:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49441 125.252.226.40:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49449 122.168.192.40:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49454 209.85.231.102:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49455 122.168.192.48:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49468 209.85.231.101:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49470 209.85.231.147:80 TIME_WAIT
TCP 192.168.1.3:49472 209.85.231.101:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49473 209.85.231.99:80 ESTABLISHED
[chrome.exe]
TCP 192.168.1.3:49474 69.163.167.204:80 CLOSE_WAIT
[SINO.exe]
TCP [::]:135 [::]:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING

Can not obtain ownership information
TCP [::]:2869 [::]:0 LISTENING

Can not obtain ownership information
TCP [::]:5357 [::]:0 LISTENING

Can not obtain ownership information
TCP [::]:49152 [::]:0 LISTENING
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING
Eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING
nsi
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49156 [::]:0 LISTENING
[lsass.exe]
TCP [::]:49157 [::]:0 LISTENING
[services.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:49160 *:*
[mDNSResponder.exe]
UDP 0.0.0.0:49166 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:56561 *:*
[mDNSResponder.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:49252 *:*
BITS
[svchost.exe]
UDP 127.0.0.1:49260 *:*
SSDPSRV
[svchost.exe]
UDP 192.168.1.3:137 *:*

Can not obtain ownership information
UDP 192.168.1.3:138 *:*

Can not obtain ownership information
UDP 192.168.1.3:1900 *:*
SSDPSRV
[svchost.exe]
UDP 192.168.1.3:5353 *:*
[mDNSResponder.exe]
UDP 192.168.1.3:49259 *:*
SSDPSRV
[svchost.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:5355 *:*
Dnscache
[svchost.exe]
UDP [::]:49161 *:*
[mDNSResponder.exe]
UDP [::]:49167 *:*
FDResPub
[svchost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:49257 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::e2:fbf8:8557:31fd%10]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::e2:fbf8:8557:31fd%10]:49258 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::81e0:6b7d:dc4e:c7d0%9]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::81e0:6b7d:dc4e:c7d0%9]:49256 *:*
SSDPSRV
[svchost.exe]

<<<< Routing Table >>>>

===========================================================================
Interface List
9 ...00 e0 4c ff 13 3d ...... Realtek RTL8139/810x Family Fast Ethernet NIC #2
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
11 ...00 00 00 00 00 00 00 e0 isatap.{DCFE6970-BF40-47DC-AA98-43523EC8E95C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.3 296
169.254.255.255 255.255.255.255 On-link 192.168.1.3 276
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:cf2e:3096:e2:fbf8:8557:31fd/128
On-link
9 276 fe80::/64 On-link
10 266 fe80::/64 On-link
11 281 fe80::5efe:192.168.1.3/128
On-link
10 266 fe80::e2:fbf8:8557:31fd/128
On-link
9 276 fe80::81e0:6b7d:dc4e:c7d0/128
On-link
1 306 ff00::/8 On-link
9 276 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

<<<< Hosts File >>>>

The HOSTS file is 761 Bytes in size.


::1 localhost


<<<< Active Shares >>>>

Share: ADMIN$ - Path: C:\Windows
Share: C$ - Path: C:\
Share: D$ - Path: D:\
Share: IPC$ - Path:


END OF LOG FILE, Date of Completion: 1240_17-11-2009 ----------

this is OTL.txt



OTL logfile created on: 11/17/2009 12:43:17 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\SAM\Documents\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.25 Mb Total Physical Memory | 209.34 Mb Available Physical Memory | 32.80% Memory free
1.59 Gb Paging File | 1.04 Gb Available in Paging File | 65.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 8.49 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
Drive D: | 81.78 Gb Total Space | 56.82 Gb Free Space | 69.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAM-PC
Current User Name: SAM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/17 12:38:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\SAM\Documents\Downloads\OTL.exe
PRC - [2009/11/12 04:41:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Users\SAM\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/11/12 04:41:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Users\SAM\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/11/04 12:21:01 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2009/09/24 21:06:06 | 00,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/24 11:50:38 | 00,858,112 | ---- | M] (Aobo) -- C:\Program Files\AoboBlocker\AoboBlocker.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/11/02 18:03:45 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/02 18:03:45 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/11/02 18:03:21 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/11/02 18:02:25 | 01,004,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/02 15:16:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2006/11/02 15:15:07 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - File not found -- C:\Windows\System32\msmAncern.dll
MOD - [2009/11/17 12:38:44 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\SAM\Documents\Downloads\OTL.exe
MOD - [2006/11/02 15:08:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/15 23:15:50 | 00,090,186 | ---- | M] (Sver) -- C:\Windows\System32\ggvokl.exe -- (bsvxyirxaqnton)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/11/02 18:04:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 18:04:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 18:04:13 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/11/02 18:03:45 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/11/02 18:03:43 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2006/11/02 18:03:43 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006/11/02 18:03:41 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2006/11/02 18:02:25 | 00,263,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 12:04:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 12:15:17 | 00,240,128 | ---- | M] (PARADOX) -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice)
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2006/11/02 15:21:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 15:21:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 15:21:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 15:21:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 15:21:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 15:21:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 15:21:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 15:20:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 15:20:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 15:20:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 15:20:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 15:20:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 15:20:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 15:20:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 15:20:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 15:20:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 15:20:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 15:20:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 15:20:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 15:20:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 15:20:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 15:19:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 15:19:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 15:19:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 15:19:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 13:55:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006/11/02 13:54:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:06:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 13:06:49 | 00,108,032 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc)
DRV - [2006/11/02 13:06:46 | 01,897,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/11/02 13:00:56 | 00,047,104 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 13:00:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2006/11/02 12:07:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1






IE - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\S-1-5-21-891949325-1873765817-2469887944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\S-1-5-21-891949325-1873765817-2469887944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/05 13:15:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/05 16:26:03 | 00,000,000 | ---D | M]

[2009/11/06 04:12:37 | 00,000,000 | ---D | M] -- C:\Users\SAM\AppData\Roaming\Mozilla\Extensions
[2009/11/06 04:12:37 | 00,000,000 | ---D | M] -- C:\Users\SAM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/06 04:12:37 | 00,000,000 | ---D | M] -- C:\Users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\14nckvm5.default\extensions
[2009/11/05 02:12:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/05 02:12:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/17 01:38:14 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/17 01:38:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/17 01:38:16 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/05 13:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/05 13:15:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/05 13:15:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/05 13:15:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/05 13:15:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/05 13:15:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/05 13:15:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/16 23:28:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 23:28:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 23:28:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 23:28:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 23:28:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 23:28:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 23:28:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AoboBlocker] C:\Program Files\AoboBlocker\AoboBlocker.exe (Aobo)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 8
O7 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = folder options
O7 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 03:13:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/16 18:16:04 | 00,000,000 | R--D | C] -- C:\Users\SAM\Documents\Scanned Documents
[2009/11/16 18:16:04 | 00,000,000 | ---D | C] -- C:\Users\SAM\Documents\Fax
[2009/11/15 23:15:47 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/11/15 23:15:47 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/11/15 23:15:39 | 00,124,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2009/11/15 23:15:38 | 00,372,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\IJL_11.DLL
[2009/11/15 23:15:38 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2009/11/15 23:06:05 | 00,000,000 | ---D | C] -- C:\Program Files\UltraKeyboard
[2009/11/09 03:23:01 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\AvatarCache
[2009/11/09 03:22:57 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\WallpaperCache
[2009/11/09 03:22:57 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Rediff.com
[2009/11/09 03:22:57 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Rediff Bol
[2009/11/08 18:48:36 | 00,000,000 | ---D | C] -- C:\ProgramData\AoboBlocker
[2009/11/08 18:48:36 | 00,000,000 | ---D | C] -- C:\ProgramData\AoboBlocker
[2009/11/08 18:48:36 | 00,000,000 | ---D | C] -- C:\Program Files\AoboBlocker
[2009/11/07 02:23:27 | 00,000,000 | ---D | C] -- C:\Users\SAM\Desktop\Songs
[2009/11/06 19:10:45 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/11/06 19:10:45 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/11/06 19:10:45 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/11/06 19:10:45 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/11/06 19:09:52 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/11/06 19:09:52 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/11/06 04:12:29 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Mozilla
[2009/11/06 04:12:29 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Mozilla
[2009/11/06 01:49:16 | 00,000,000 | ---D | C] -- C:\Users\SAM\Desktop\Law
[2009/11/06 01:48:40 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Adobe
[2009/11/06 01:02:49 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Media Player Classic
[2009/11/06 00:41:09 | 04,300,800 | ---- | C] (Gabest) -- C:\Users\SAM\Desktop\mplayerc.exe
[2009/11/05 17:26:45 | 00,093,096 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/11/05 17:26:38 | 00,000,000 | ---D | C] -- C:\Program Files\iolo
[2009/11/05 16:25:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/11/05 16:25:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/11/05 16:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/11/05 16:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/11/05 15:04:28 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/11/05 15:03:26 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009/11/05 15:03:25 | 00,000,000 | ---D | C] -- C:\Windows\CSC
[2009/11/05 15:01:35 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/11/05 15:01:15 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/11/05 15:00:41 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/11/05 15:00:26 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/11/05 14:49:48 | 00,000,000 | ---D | C] -- C:\ProgramData\iolo
[2009/11/05 14:49:48 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\iolo
[2009/11/05 14:49:48 | 00,000,000 | ---D | C] -- C:\ProgramData\iolo
[2009/11/05 14:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\PC Tune-Up
[2009/11/05 13:48:55 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Yahoo
[2009/11/05 13:37:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/11/05 13:37:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/11/05 13:36:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/05 13:31:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2009/11/05 13:31:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2009/11/05 13:30:43 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/11/05 13:26:02 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\DivX
[2009/11/05 13:20:17 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/11/05 13:19:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/11/05 13:18:20 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Apple Computer
[2009/11/05 13:18:20 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Apple Computer
[2009/11/05 13:17:57 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/11/05 13:17:57 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/11/05 13:17:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/11/05 13:17:34 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/05 13:17:27 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/05 13:17:27 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/05 13:17:27 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/05 13:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/11/05 13:14:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/05 13:14:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/11/05 13:14:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/11/05 13:13:55 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Apple
[2009/11/05 13:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/11/05 13:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/11/05 13:11:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/11/05 13:11:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/11/05 13:03:56 | 00,000,000 | ---D | C] -- C:\Users\SAM\Desktop\Anti
[2009/11/05 11:50:23 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/11/05 02:42:41 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Microsoft Games
[2009/11/05 02:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/11/05 02:14:29 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\uTorrent
[2009/11/05 02:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/11/05 02:02:22 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Macromedia
[2009/11/05 02:02:22 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Adobe
[2009/11/05 02:02:11 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/11/05 01:57:33 | 00,000,000 | ---D | C] -- C:\Users\SAM\Documents\Downloads
[2009/11/04 12:21:01 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Google
[2009/11/04 12:20:03 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Deployment
[2009/11/04 12:20:03 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Apps
[2009/11/04 12:15:17 | 00,240,128 | ---- | C] (PARADOX) -- C:\Windows\System32\drivers\royal.sys
[2009/11/04 12:12:45 | 00,000,000 | R--D | C] -- C:\Users\SAM\Searches
[2009/11/04 12:12:20 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Identities
[2009/11/04 12:12:18 | 00,000,000 | R--D | C] -- C:\Users\SAM\Contacts
[2009/11/04 12:12:16 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\VirtualStore
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Templates
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Start Menu
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\SendTo
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Recent
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\PrintHood
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\NetHood
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Documents\My Videos
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Documents\My Pictures
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Documents\My Music
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\My Documents
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Local Settings
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Cookies
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\Application Data
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\AppData\Local\Temporary Internet Files
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\AppData\Local\History
[2009/11/04 12:12:08 | 00,000,000 | -HSD | C] -- C:\Users\SAM\AppData\Local\Application Data
[2009/11/04 12:12:07 | 00,000,000 | --SD | C] -- C:\Users\SAM\AppData\Roaming\Microsoft
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Videos
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Saved Games
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Pictures
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Music
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Links
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Favorites
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Downloads
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Documents
[2009/11/04 12:12:07 | 00,000,000 | R--D | C] -- C:\Users\SAM\Desktop
[2009/11/04 12:12:07 | 00,000,000 | -H-D | C] -- C:\Users\SAM\AppData
[2009/11/04 12:12:07 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Roaming\Media Center Programs
[2009/11/04 12:12:07 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Temp
[2009/11/04 12:12:07 | 00,000,000 | ---D | C] -- C:\Users\SAM\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/11/17 12:42:45 | 01,310,720 | ---- | M] () -- C:\Users\SAM\NTUSER.DAT
[2009/11/17 12:26:01 | 00,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-891949325-1873765817-2469887944-1000UA.job
[2009/11/17 12:26:00 | 00,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-891949325-1873765817-2469887944-1000Core.job
[2009/11/17 12:19:14 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/17 12:19:14 | 00,617,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/17 12:19:14 | 00,103,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/17 12:13:12 | 00,000,680 | ---- | M] () -- C:\Users\SAM\AppData\Local\d3d9caps.dat
[2009/11/17 12:13:03 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/17 12:13:03 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/17 12:12:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/17 12:12:46 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/17 12:12:20 | 66,990,0800 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/17 00:31:31 | 00,001,360 | RHS- | M] () -- C:\Users\SAM\ntuser.pol
[2009/11/16 19:02:33 | 00,088,553 | ---- | M] () -- C:\Users\SAM\Desktop\123.jpg
[2009/11/15 13:38:06 | 02,552,791 | -H-- | M] () -- C:\Users\SAM\AppData\Local\IconCache.db
[2009/11/14 20:38:00 | 00,290,650 | -H-- | M] () -- C:\Windows\DSC00241.JPG
[2009/11/14 20:37:36 | 00,287,361 | -H-- | M] () -- C:\Windows\DSC00240.JPG
[2009/11/14 00:37:22 | 00,011,457 | ---- | M] () -- C:\Users\SAM\Desktop\LST_Plus_2009-10_Mock_Test_Schedule.pdf
[2009/11/13 22:33:54 | 00,002,032 | ---- | M] () -- C:\Users\SAM\Desktop\Google Chrome.lnk
[2009/11/13 22:14:30 | 00,036,407 | ---- | M] () -- C:\Users\SAM\Documents\Untitled.wma
[2009/11/13 18:04:12 | 00,013,824 | ---- | M] () -- C:\Users\SAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 14:42:26 | 00,524,288 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{97403f9d-ce7b-11de-ab89-00e04cff133d}.TMContainer00000000000000000002.regtrans-ms
[2009/11/11 14:42:26 | 00,524,288 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{97403f9d-ce7b-11de-ab89-00e04cff133d}.TMContainer00000000000000000001.regtrans-ms
[2009/11/11 14:42:26 | 00,065,536 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{97403f9d-ce7b-11de-ab89-00e04cff133d}.TM.blf
[2009/11/11 11:59:52 | 00,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/11/11 11:55:36 | 00,024,576 | ---- | M] () -- C:\Users\SAM\Documents\Free look period.doc
[2009/11/10 17:48:13 | 00,024,064 | ---- | M] () -- C:\Users\SAM\Documents\flyking.doc
[2009/11/09 09:05:30 | 00,242,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/09 03:50:52 | 00,054,920 | ---- | M] () -- C:\Users\SAM\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/09 03:25:26 | 00,005,820 | ---- | M] () -- C:\Users\SAM\AppData\Roaming\default.full.jpeg
[2009/11/09 03:23:16 | 00,005,202 | ---- | M] () -- C:\Users\SAM\AppData\Roaming\xzXIBp.full.jpeg
[2009/11/08 01:51:02 | 00,524,288 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{ffd20b39-c90d-11de-94ec-00e04cff133d}.TMContainer00000000000000000002.regtrans-ms
[2009/11/08 01:51:02 | 00,524,288 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{ffd20b39-c90d-11de-94ec-00e04cff133d}.TMContainer00000000000000000001.regtrans-ms
[2009/11/08 01:51:02 | 00,065,536 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{ffd20b39-c90d-11de-94ec-00e04cff133d}.TM.blf
[2009/11/07 12:09:47 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/11/07 11:01:16 | 00,028,672 | ---- | M] () -- C:\Users\SAM\Documents\dad.doc
[2009/11/06 19:10:45 | 02,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/11/06 19:10:45 | 01,929,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/11/06 19:10:45 | 00,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/11/06 19:10:45 | 00,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/11/06 19:09:52 | 00,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/11/06 19:09:52 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/11/06 13:38:23 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/11/06 00:41:09 | 04,300,800 | ---- | M] (Gabest) -- C:\Users\SAM\Desktop\mplayerc.exe
[2009/11/05 17:27:39 | 00,000,406 | ---- | M] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2009/11/05 17:26:45 | 00,000,941 | ---- | M] () -- C:\Users\SAM\Desktop\System Mechanic.lnk
[2009/11/05 17:25:28 | 00,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2009/11/05 16:26:04 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/05 16:22:22 | 00,052,968 | ---- | M] () -- C:\Users\SAM\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/11/05 15:00:28 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/11/05 14:46:51 | 00,000,836 | ---- | M] () -- C:\Users\SAM\Desktop\PC Tune-Up.lnk
[2009/11/05 13:39:17 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/11/05 13:18:04 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/05 13:15:19 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/11/05 02:21:57 | 00,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/11/05 02:12:22 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/05 01:35:38 | 00,043,530 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/11/04 12:17:08 | 00,524,288 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2009/11/04 12:17:08 | 00,524,288 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/11/04 12:17:08 | 00,065,536 | -HS- | M] () -- C:\Users\SAM\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/11/04 12:15:17 | 00,240,128 | ---- | M] (PARADOX) -- C:\Windows\System32\drivers\royal.sys
[2009/11/04 12:12:08 | 00,000,020 | -HS- | M] () -- C:\Users\SAM\ntuser.ini
[2009/10/22 17:46:04 | 00,093,096 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/10/22 17:45:56 | 02,115,496 | ---- | M] () -- C:\Windows\System32\Incinerator.dll

========== Files Created - No Company Name ==========

[2009/11/16 19:02:32 | 00,088,553 | ---- | C] () -- C:\Users\SAM\Desktop\123.jpg
[2009/11/14 20:38:00 | 00,290,650 | -H-- | C] () -- C:\Windows\DSC00241.JPG
[2009/11/14 20:37:34 | 00,287,361 | -H-- | C] () -- C:\Windows\DSC00240.JPG
[2009/11/14 00:37:19 | 00,011,457 | ---- | C] () -- C:\Users\SAM\Desktop\LST_Plus_2009-10_Mock_Test_Schedule.pdf
[2009/11/13 22:14:30 | 00,036,407 | ---- | C] () -- C:\Users\SAM\Documents\Untitled.wma
[2009/11/11 14:42:26 | 00,524,288 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{97403f9d-ce7b-11de-ab89-00e04cff133d}.TMContainer00000000000000000002.regtrans-ms
[2009/11/11 14:42:26 | 00,524,288 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{97403f9d-ce7b-11de-ab89-00e04cff133d}.TMContainer00000000000000000001.regtrans-ms
[2009/11/11 14:42:26 | 00,065,536 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{97403f9d-ce7b-11de-ab89-00e04cff133d}.TM.blf
[2009/11/11 11:59:52 | 00,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/11/10 17:34:43 | 00,024,064 | ---- | C] () -- C:\Users\SAM\Documents\flyking.doc
[2009/11/09 03:25:26 | 00,005,820 | ---- | C] () -- C:\Users\SAM\AppData\Roaming\default.full.jpeg
[2009/11/09 03:23:16 | 00,005,202 | ---- | C] () -- C:\Users\SAM\AppData\Roaming\xzXIBp.full.jpeg
[2009/11/07 23:02:43 | 00,024,576 | ---- | C] () -- C:\Users\SAM\Documents\Free look period.doc
[2009/11/07 16:53:24 | 00,001,360 | RHS- | C] () -- C:\Users\SAM\ntuser.pol
[2009/11/07 10:56:06 | 00,028,672 | ---- | C] () -- C:\Users\SAM\Documents\dad.doc
[2009/11/07 09:39:58 | 00,524,288 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{ffd20b39-c90d-11de-94ec-00e04cff133d}.TMContainer00000000000000000002.regtrans-ms
[2009/11/07 09:39:58 | 00,524,288 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{ffd20b39-c90d-11de-94ec-00e04cff133d}.TMContainer00000000000000000001.regtrans-ms
[2009/11/07 09:39:58 | 00,065,536 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{ffd20b39-c90d-11de-94ec-00e04cff133d}.TM.blf
[2009/11/05 17:27:39 | 00,000,406 | ---- | C] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2009/11/05 17:26:45 | 00,000,941 | ---- | C] () -- C:\Users\SAM\Desktop\System Mechanic.lnk
[2009/11/05 17:26:44 | 02,115,496 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2009/11/05 17:26:40 | 00,030,208 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2009/11/05 17:26:40 | 00,012,288 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2009/11/05 17:25:28 | 00,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/11/05 16:26:04 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/05 16:22:22 | 00,052,968 | ---- | C] () -- C:\Users\SAM\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/11/05 15:00:28 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2009/11/05 15:00:27 | 00,438,840 | RHS- | C] () -- C:\bootmgr
[2009/11/05 14:46:51 | 00,000,836 | ---- | C] () -- C:\Users\SAM\Desktop\PC Tune-Up.lnk
[2009/11/05 13:39:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/05 13:18:04 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/05 13:15:19 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/11/05 02:15:06 | 00,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2009/11/05 02:12:22 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/05 02:03:54 | 00,013,824 | ---- | C] () -- C:\Users\SAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/05 01:57:19 | 00,002,032 | ---- | C] () -- C:\Users\SAM\Desktop\Google Chrome.lnk
[2009/11/05 01:37:28 | 66,990,0800 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/04 12:21:05 | 00,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-891949325-1873765817-2469887944-1000UA.job
[2009/11/04 12:21:03 | 00,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-891949325-1873765817-2469887944-1000Core.job
[2009/11/04 12:17:05 | 02,552,791 | -H-- | C] () -- C:\Users\SAM\AppData\Local\IconCache.db
[2009/11/04 12:13:35 | 00,054,920 | ---- | C] () -- C:\Users\SAM\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/04 12:12:11 | 00,000,680 | ---- | C] () -- C:\Users\SAM\AppData\Local\d3d9caps.dat
[2009/11/04 12:12:08 | 00,524,288 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2009/11/04 12:12:08 | 00,524,288 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/11/04 12:12:08 | 00,000,020 | -HS- | C] () -- C:\Users\SAM\ntuser.ini
[2009/11/04 12:12:07 | 01,310,720 | ---- | C] () -- C:\Users\SAM\NTUSER.DAT
[2009/11/04 12:12:07 | 00,065,536 | -HS- | C] () -- C:\Users\SAM\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2008/11/06 08:18:04 | 00,131,072 | ---- | C] () -- C:\Windows\System32\msm-ccord.dll
[2008/09/07 23:55:26 | 00,009,841 | ---- | C] () -- C:\Windows\System32\msw-ncore.dll
[2006/11/02 18:19:43 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 18:05:51 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 18:05:51 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 18:05:51 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 18:05:51 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 18:04:23 | 00,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 18:04:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:03:40 | 00,978,432 | ---- | C] () -- C:\Windows\System32\drmv2clt.dll
[2006/11/02 15:53:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 15:53:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 14:45:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\puiapi.dll
[2006/11/02 13:10:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 152 bytes -> C:\Users\SAM\Desktop\123.jpg:3or4kl4x13tuuug3Byamue2s4b
< End of report >


this is extra.txt

OTL Extras logfile created on: 11/17/2009 12:43:17 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\SAM\Documents\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.25 Mb Total Physical Memory | 209.34 Mb Available Physical Memory | 32.80% Memory free
1.59 Gb Paging File | 1.04 Gb Available in Paging File | 65.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 8.49 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
Drive D: | 81.78 Gb Total Space | 56.82 Gb Free Space | 69.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAM-PC
Current User Name: SAM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35CB0A10-6250-478B-B08A-C99B4572AEA2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{44B97383-8AF3-496A-B618-83BDD54946B0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{666213F7-E487-4F91-8620-585FD0972E91}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{68910299-8478-4B3C-9358-442A68B29F75}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CC508AB-11EA-4B0E-BAF6-4D55E250D07F}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{8020FBA4-7C2F-4C5C-9F95-128A524A767F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8CFFD95-F5BD-4266-8FED-58C8E57AD64E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E1BCF60C-9BE1-4B83-828C-2DA61BEFE881}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F0D1A96A-6C18-4FF4-92CC-3E1204C9A308}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8158203-E364-42CD-9F0D-92BFF9B51AC1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{45D3FB7E-2CBD-4F91-8B16-EFCB5079A344}C:\program files\rediff bol\rediffmessenger.exe" = protocol=6 | dir=in | app=c:\program files\rediff bol\rediffmessenger.exe |
"UDP Query User{F04D2774-C4E0-45F3-BD6B-3E08B8098C0A}C:\program files\rediff bol\rediffmessenger.exe" = protocol=17 | dir=in | app=c:\program files\rediff bol\rediffmessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"PC Tune-Up" = PC Tune-Up
"uTorrent" = µTorrent
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-891949325-1873765817-2469887944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2009 9:12:17 AM | Computer Name = SAM-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 10.0.0.542, time
stamp 0x4abc40fe, faulting module YahooMessenger.exe, version 10.0.0.542, time stamp
0x4abc40fe, exception code 0xc0000005, fault offset 0x000fc0f5, process id 0xa4c,
application start time 0x01ca5fa55340b50f.

Error - 11/8/2009 9:16:17 AM | Computer Name = SAM-PC | Source = profsvc | ID = 1533
Description = Windows cannot delete the profile directory C:\Users\ad. This error
may be caused by files in this directory being used by another program. DETAIL
- The directory is not empty.

Error - 11/11/2009 5:14:27 AM | Computer Name = SAM-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 10.0.0.542, time
stamp 0x4abc40fe, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x4d8dffee, process id 0xc30, application
start time 0x01ca62af31f81c0e.

Error - 11/11/2009 10:46:44 AM | Computer Name = SAM-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4acf6d57,
faulting module NPSWF32.dll, version 10.0.32.18, time stamp 0x4a613f8d, exception
code 0xc0000005, fault offset 0x00160cff, process id 0xe60, application start time
0x01ca62dda7137f32.

Error - 11/12/2009 3:24:39 AM | Computer Name = SAM-PC | Source = Application Error | ID = 1000
Description = Faulting application YAHOOM~1.EXE, version 10.0.0.542, time stamp
0x4abc40fe, faulting module YAHOOM~1.EXE, version 10.0.0.542, time stamp 0x4abc40fe,
exception code 0xc0000005, fault offset 0x0003b15e, process id 0xc50, application
start time 0x01ca6368642d2534.

Error - 11/17/2009 3:09:52 AM | Computer Name = SAM-PC | Source = Perflib | ID = 1008
Description =

Error - 11/17/2009 3:09:52 AM | Computer Name = SAM-PC | Source = Perflib | ID = 1010
Description =

Error - 11/17/2009 3:09:54 AM | Computer Name = SAM-PC | Source = Perflib | ID = 1005
Description =

Error - 11/17/2009 3:09:54 AM | Computer Name = SAM-PC | Source = Perflib | ID = 1017
Description =

Error - 11/17/2009 3:09:58 AM | Computer Name = SAM-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

[ System Events ]
Error - 11/16/2009 10:35:50 AM | Computer Name = SAM-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/16/2009 1:25:56 PM | Computer Name = SAM-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:08:58 PM on 11/16/2009 was unexpected.

Error - 11/16/2009 1:27:24 PM | Computer Name = SAM-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/16/2009 1:56:22 PM | Computer Name = SAM-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:24:33 PM on 11/16/2009 was unexpected.

Error - 11/16/2009 2:04:39 PM | Computer Name = SAM-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:26:22 PM on 11/16/2009 was unexpected.

Error - 11/16/2009 2:20:59 PM | Computer Name = SAM-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:41:17 PM on 11/16/2009 was unexpected.

Error - 11/16/2009 2:24:49 PM | Computer Name = SAM-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00E04CFF133D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/16/2009 11:21:23 PM | Computer Name = SAM-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:16:07 AM on 11/17/2009 was unexpected.

Error - 11/16/2009 11:21:25 PM | Computer Name = SAM-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00E04CFF133D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/17/2009 2:39:59 AM | Computer Name = SAM-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:26:31 AM on 11/17/2009 was unexpected.


< End of report >

You didn't say you wanted someone to read them for you
This should have been posted in AII

For starters:

Quote

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

You will also be instructed to create a Root Repeal Log

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck

Sorry sir...i posted it here coz u mentioned in ur last thread to do so

Quote

I wanted to know was some kind of prog what shows ALL current running programs and this keylogger too. I tried the program mentioned in the 3rd post[and process explorer too] but it is'nt showing the keylogger program in it.

Also, if there is'nt any program like this, and i use the program that u mentioned in your last thread i.e SINO and identify the file, how to stop it from startup and current processes?



Thanks

c:\windows\system32\ggvokl.exe
c:\program files\bqjftllatpd\ggvok.exe

Indicates a rootkit infection
You can try stopping it all you want

yes sir, but HOW do i stop it from current processes and autorunning each time the comp starts?

and whatz rootkit infection?


Thanks.

That would best be answered by posting in our Am I Infected forum
http://www.bleepingcomputer.com/forums/forum103.html
There the members can help you with your problem

avira's antivir is a great antivirus program for free and it's constantly finding viruses that others don't. and i've checked this at sites that u can upload viruses to and they tell u which firms find them. avira finds the most.
and if u r worried about keyloggers download keyscrambler it encrypts your keystrokes with random jibberish, u can see the keystrokes u made and it shows u what it turned them into. if u have keyscrambler on and the use the onscreen keyboard it will show u what a third party gets from your strokes in the fields u enter your data into. u have to turn off keyscrambler to use the onscreen keyboard properly.