BleepingComputer.com: Odl.exe and Ogayha.exe

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Odl.exe and Ogayha.exe

#1 User is offline   cubby989 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 5
  • Joined: 28-May 11

Posted 08 June 2011 - 03:44 PM

edit: I googled the files, they were viruses, and I used FileASSASSIN to delete them, problem solved, I'll be back if the problem was NOT solved.

These two processes have popped up, I have no idea what they are, so I did a HJT and came here... At the time of writing I have OTL running and scanning.

Here's the HJT log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:40:39 PM, on 6/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Allure\Allure.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\PROGRA~1\DESKTO~1\TLDL.EXE
C:\Program Files\Steam\steam.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\-----\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparency.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViGlance\ViGlance.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Ogahya.exe
C:\Documents and Settings\-----\Desktop\Anti-virus helper\OTL.exe
C:\DOCUME~1\-----\LOCALS~1\Temp\Odl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\-----\Desktop\Anti-virus helper\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.8.175.41:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Allure] "C:\Program Files\Allure\Allure.exe" -H
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Desktop Lock] C:\PROGRA~1\DESKTO~1\TLDL.EXE /Boot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Michael\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe
O4 - HKCU\..\Run: [YDZ1QVAGOJ] C:\DOCUME~1\Michael\LOCALS~1\Temp\Odl.exe
O4 - HKLM\..\Policies\Explorer\Run: [YNOKZITCHO] C:\WINDOWS\system32\ntmsoprq1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8928 bytes


Edit: OTL finished...


OTL logfile created on: 6/8/2011 3:29:43 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\-----\Desktop\Anti-virus helper
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 54.41% Memory free
3.35 Gb Paging File | 2.48 Gb Available in Paging File | 73.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 75.11 Gb Free Space | 40.31% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 55.73 Gb Free Space | 74.77% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: ----- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/08 15:28:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-----\Desktop\Anti-virus helper\OTL.exe
PRC - [2011/06/08 12:59:44 | 000,169,984 | ---- | M] (Simon Tatham) -- C:\WINDOWS\Ogahya.exe
PRC - [2011/06/05 18:38:39 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/29 12:07:01 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/05/28 19:25:35 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\-----\Desktop\Anti-virus helper\dds.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/20 11:31:28 | 000,200,704 | ---- | M] (TopLang Software) -- C:\Program Files\Desktop Lock\TLDL.EXE
PRC - [2011/03/02 19:44:12 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/19 13:15:06 | 005,636,136 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/10/06 14:21:00 | 000,786,432 | ---- | M] (Lee-Soft.com) -- C:\Program Files\ViStart\ViStart.exe
PRC - [2010/09/07 07:45:18 | 000,446,464 | ---- | M] (Lee-Soft.com, Lee Matthew Chantrey) -- C:\Program Files\ViGlance\ViGlance.exe
PRC - [2010/03/28 11:54:18 | 000,374,272 | ---- | M] () -- C:\Documents and Settings\-----\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparency.exe
PRC - [2009/06/30 23:51:07 | 000,010,752 | ---- | M] () -- C:\Program Files\Allure\Allure.exe
PRC - [2008/04/13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/04/16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/12/01 22:44:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Modules (SafeList) ==========

MOD - [2011/06/08 15:28:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-----\Desktop\Anti-virus helper\OTL.exe
MOD - [2011/05/15 12:34:23 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/28 11:35:00 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparencyHook.dll
MOD - [2009/06/30 23:51:03 | 000,006,144 | ---- | M] () -- C:\Program Files\Allure\AllureHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 12:07:01 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/21 22:26:41 | 000,129,856 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/17 14:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2004/12/01 22:44:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/06/07 17:19:39 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2011/05/15 12:34:23 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/15 12:34:22 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/15 12:34:22 | 000,017,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/05/15 12:34:21 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/26 15:10:34 | 000,122,224 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/04/26 15:10:34 | 000,111,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/04/26 15:10:34 | 000,044,784 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/04/26 15:10:32 | 000,162,544 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/03/30 06:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011/03/22 18:27:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/28 20:49:32 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/12/14 18:47:18 | 000,400,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 217.8.175.41:80

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/14 17:46:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/14 17:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 16:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 15:55:43 | 000,000,000 | ---D | M]

[2011/03/07 07:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/05/20 18:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\u0z51v5z.default\extensions
[2011/03/12 20:47:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\u0z51v5z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/30 21:26:48 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\u0z51v5z.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/05/20 18:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 17:46:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/14 17:47:08 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/03/01 00:17:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [Allure] C:\Program Files\Allure\Allure.exe ()
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Desktop Lock] C:\Program Files\Desktop Lock\TLDL.EXE (TopLang Software)
O4 - HKLM..\Run: [DrvIcon] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TrueTransparency] C:\Documents and Settings\Michael\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparency.exe ()
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKCU..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe (Lee-Soft.com, Lee Matthew Chantrey)
O4 - HKCU..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe (Lee-Soft.com)
O4 - HKCU..\Run: [YDZ1QVAGOJ] C:\Documents and Settings\Michael\Local Settings\Temp\Odl.exe (Simon Tatham)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: YNOKZITCHO = C:\WINDOWS\system32\ntmsoprq1.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 15:24:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
[2011/06/08 13:00:03 | 000,169,984 | ---- | C] (Simon Tatham) -- C:\WINDOWS\Ogahya.exe
[2011/06/08 12:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Clearlock
[2011/06/08 12:49:36 | 000,136,192 | ---- | C] (TopLang Software) -- C:\Documents and Settings\Michael\Desktop\DTLEP.exe
[2011/06/07 23:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TopLang
[2011/06/07 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Lock
[2011/06/07 23:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Lock
[2011/06/07 23:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\TopLang
[2011/06/07 23:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TopLang
[2011/06/07 22:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\uTorrent
[2011/06/07 22:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\André Claaßen
[2011/06/07 18:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Stardock
[2011/06/07 18:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Thoosje Windows Sevenbar
[2011/06/07 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje
[2011/06/07 17:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\WinCustomize
[2011/06/07 17:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2011/06/07 17:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/06/06 11:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Shrapnel Games
[2011/06/06 11:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Shrapnel Games
[2011/06/06 00:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Space Empires IV Gold
[2011/06/05 20:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\FreeOrion
[2011/06/05 20:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeOrion
[2011/06/05 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\FreeOrion
[2011/06/05 19:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Birth of the Empires
[2011/06/05 18:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kali
[2011/06/05 18:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kali95
[2011/06/05 14:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/06/05 02:19:22 | 000,128,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2011/06/05 02:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\MeltPot
[2011/06/05 02:18:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST5UNST.EXE
[2011/06/05 02:18:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5StKit.dll
[2011/06/04 19:16:56 | 000,000,000 | ---D | C] -- C:\DOS
[2011/06/04 18:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\VDMSound
[2011/05/30 11:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2011/05/29 15:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Bitcoin
[2011/05/29 15:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Bitcoin
[2011/05/29 15:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bitcoin
[2011/05/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\ViGlance
[2011/05/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\ViGlance
[2011/05/29 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\ViStart
[2011/05/29 10:42:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VITrans
[2011/05/29 10:42:07 | 000,000,000 | ---D | C] -- C:\VTPFiles
[2011/05/29 10:41:58 | 000,094,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
[2011/05/29 00:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\.minecraft
[2011/05/28 21:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Anti-virus helper
[2011/05/28 19:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Pioneer
[2011/05/28 19:31:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/05/28 13:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Arparso
[2011/05/28 10:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexus Skirmisher
[2011/05/28 10:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Nexus - The Jupiter Incident
[2011/05/28 09:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexus - The Jupiter Incident
[2011/05/28 08:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus - The Jupiter Incident
[2011/05/27 23:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\My Documents\Nexus.The.Jupiter.Incident
[2011/05/24 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2011/05/24 17:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2011/05/22 23:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\MediaGet2
[2011/05/22 19:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\Kalypso Media
[2011/05/22 19:10:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/05/22 19:10:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/05/22 19:10:54 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/05/22 19:10:51 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/05/22 19:10:48 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/05/22 19:10:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/05/22 19:10:43 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/05/22 19:10:40 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/05/22 18:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/05/22 18:21:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/22 00:13:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Michael\My Documents\FrostWire
[2011/05/22 00:12:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Michael\Application Data\FrostWire
[2011/05/22 00:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TorrentEasy
[2011/05/21 22:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Steam
[2011/05/21 22:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Desura
[2011/05/21 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Desura
[2011/05/21 22:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Desura
[2011/05/21 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Desura
[2011/05/21 22:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desura
[2011/05/20 17:36:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FrostWire
[2011/05/19 17:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Lionhead Studios
[2011/05/19 17:57:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/05/19 17:55:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Michael\Application Data\Lionhead Studios
[2011/05/18 15:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/05/15 01:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Allure
[2011/05/15 01:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Allure
[2011/05/15 01:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\SpaceTime 3D
[2011/05/15 01:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\SpaceTime 3D
[2011/05/15 01:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\SpaceTime 3D
[2011/05/14 20:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\Roblox
[2011/05/14 20:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Roblox
[2011/05/14 20:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\RobloxVersions
[2011/05/14 20:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\RobloxDownloads
[2011/05/14 18:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\VirtualBox VMs
[2011/05/14 18:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\.VirtualBox
[2011/05/14 18:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox
[2011/05/14 18:22:30 | 000,162,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2011/05/14 18:22:24 | 000,044,784 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys
[2011/05/14 18:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/05/12 21:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/05/12 21:10:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011/05/12 21:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/05/11 23:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Starfarer
[2011/05/11 23:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Fractal Softworks
[2011/05/11 17:37:39 | 000,000,000 | ---D | C] -- C:\tmp
[2011/05/11 17:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\.thumbnails
[2011/05/11 17:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Blender Foundation
[2011/05/11 17:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\Blender Foundation
[2011/05/11 17:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2011/05/11 15:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\world
[2011/05/09 20:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/03/30 22:22:47 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/08 15:46:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3305667324-1960924308-708895227-1006UA.job
[2011/06/08 15:39:35 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 15:34:20 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/06/08 15:27:30 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/08 12:59:44 | 000,169,984 | ---- | M] (Simon Tatham) -- C:\WINDOWS\Ogahya.exe
[2011/06/08 12:59:44 | 000,130,560 | RHS- | M] () -- C:\WINDOWS\System32\ntmsoprq1.exe
[2011/06/08 12:33:30 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_97653.nl_
[2011/06/08 12:33:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 12:32:59 | 1609,027,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 23:28:48 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual Screen.lnk
[2011/06/07 23:28:47 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Lock.lnk
[2011/06/07 21:46:00 | 000,016,444 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/07 17:19:39 | 000,163,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/06/07 07:56:40 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\russian-serbianFBname.rtf
[2011/06/07 05:46:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3305667324-1960924308-708895227-1006Core.job
[2011/06/06 11:29:55 | 000,107,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/05 23:47:53 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Google Chrome.lnk
[2011/06/05 22:40:38 | 000,006,307 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\ea093k.jpg
[2011/06/05 18:26:29 | 000,001,753 | ---- | M] () -- C:\WINDOWS\System32\autoexec.nt
[2011/06/05 15:36:32 | 000,000,568 | ---- | M] () -- C:\WINDOWS\96Crypt.ini
[2011/06/05 14:15:19 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/06/05 02:21:00 | 000,000,322 | ---- | M] () -- C:\WINDOWS\MOO2MPOT.INI
[2011/06/03 00:12:17 | 000,009,341 | ---- | M] () -- C:\Th_raptorjesus.jpg
[2011/06/02 18:27:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/02 12:21:08 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 14:40:32 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2011/05/29 10:50:28 | 006,912,054 | ---- | M] () -- C:\WINDOWS\clwcp.bmp
[2011/05/28 19:00:58 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/28 16:28:20 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Preregister.sig
[2011/05/24 17:22:26 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/05/21 22:21:23 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desura.lnk
[2011/05/18 15:55:44 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/05/18 15:55:44 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2011/05/17 17:00:55 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\-----\Application Data\RSBuddy Login.ini
[2011/05/15 12:34:23 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/05/15 12:34:23 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/05/15 12:34:22 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/05/15 12:34:22 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/05/15 12:34:21 | 000,242,472 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/05/15 01:13:09 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\SpaceTime 3D.lnk
[2011/05/14 18:22:32 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2011/05/11 15:59:21 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Michael\server.properties
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/08 13:00:02 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 12:59:51 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/08 12:59:44 | 000,130,560 | RHS- | C] () -- C:\WINDOWS\System32\ntmsoprq1.exe
[2011/06/07 23:28:48 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual Screen.lnk
[2011/06/07 23:28:47 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Lock.lnk
[2011/06/07 22:22:46 | 239,657,576 | ---- | C] () -- C:\Documents and Settings\-----\Desktop\SC112.dmg
[2011/06/07 17:08:24 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/06/07 07:56:40 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\-----\Desktop\russian-serbianFBname.rtf
[2011/06/05 22:38:01 | 000,006,307 | ---- | C] () -- C:\Documents and Settings\-----\My Documents\ea093k.jpg
[2011/06/05 14:15:19 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/06/05 14:15:19 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/06/05 02:19:49 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\-----\Start Menu\Programs\MeltPot.LNK
[2011/06/05 02:19:46 | 000,000,322 | ---- | C] () -- C:\WINDOWS\MOO2MPOT.INI
[2011/06/03 00:11:52 | 000,009,341 | ---- | C] () -- C:\Th_raptorjesus.jpg
[2011/05/29 14:40:32 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2011/05/29 10:50:28 | 006,912,054 | ---- | C] () -- C:\WINDOWS\clwcp.bmp
[2011/05/29 10:42:07 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Uharc.exe
[2011/05/29 10:41:58 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\CLWCP.exe
[2011/05/29 10:41:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2011/05/29 10:41:58 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2011/05/28 21:24:39 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_97653.nl_
[2011/05/28 19:44:20 | 000,375,667 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3305667324-1960924308-708895227-1006-0.dat
[2011/05/28 19:44:17 | 000,095,502 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/24 17:22:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2011/05/21 22:21:23 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desura.lnk
[2011/05/18 15:55:44 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2011/05/18 15:55:43 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/05/18 15:55:43 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/05/15 01:13:09 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\SpaceTime 3D.lnk
[2011/05/14 18:22:32 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2011/05/11 15:59:20 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\Michael\server.properties
[2011/05/04 16:01:12 | 000,633,871 | ---- | C] () -- C:\WINDOWS\System32\user32new.dll
[2011/05/04 16:01:12 | 000,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll
[2011/05/04 16:01:11 | 001,584,149 | ---- | C] () -- C:\WINDOWS\System32\setupapinew.dll
[2011/05/04 16:01:11 | 000,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll
[2011/05/04 16:01:11 | 000,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll
[2011/05/04 16:01:11 | 000,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll
[2011/05/04 16:01:11 | 000,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll
[2011/05/04 16:01:10 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2011/05/04 16:01:06 | 000,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll
[2011/05/04 16:01:06 | 000,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll
[2011/05/04 16:01:06 | 000,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll
[2011/05/03 20:37:17 | 000,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll
[2011/05/03 20:37:17 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
[2011/05/03 20:37:12 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2011/05/03 20:37:12 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2011/05/03 20:37:12 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2011/05/03 20:37:11 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2011/05/03 20:37:11 | 000,002,919 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2011/05/03 20:13:12 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2011/05/03 20:13:11 | 000,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2011/05/03 20:13:09 | 000,519,912 | ---- | C] () -- C:\WINDOWS\System32\d3dx10d_33.dll
[2011/05/03 20:13:09 | 000,519,912 | ---- | C] () -- C:\WINDOWS\System32\d3dx10d.dll
[2011/05/03 20:13:06 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2011/05/01 09:42:33 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\-----\Application Data\RSBuddy Login.ini
[2011/05/01 08:22:01 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\-----\Application Data\RSBuddy_cubby989.ini
[2011/04/23 13:13:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/04/18 21:48:33 | 000,000,568 | ---- | C] () -- C:\WINDOWS\96Crypt.ini
[2011/04/11 17:37:44 | 000,016,444 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/09 23:46:36 | 000,559,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/04 21:19:49 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/03/30 22:22:53 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/30 22:22:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/03/30 22:22:47 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/30 22:22:47 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/30 22:22:46 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/26 18:52:42 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2011/03/18 21:22:23 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/03/09 00:01:42 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/03/08 21:45:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2011/03/07 06:59:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/28 22:29:47 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/02/28 21:06:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/02/28 21:06:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/02/28 20:57:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/02/28 20:57:43 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/02/28 20:57:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/02/28 20:57:24 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/02/28 20:34:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/27 23:58:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/27 23:38:51 | 000,000,117 | ---- | C] () -- C:\WINDOWS\civ.ini
[2011/02/27 23:36:45 | 000,000,309 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2011/02/27 23:33:51 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2011/02/27 23:33:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2011/02/27 23:26:31 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2011/02/27 20:17:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/02/27 20:12:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/02/27 20:12:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/02/27 20:12:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/02/27 20:12:23 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/02/27 20:12:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/02/27 20:12:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/02/27 20:11:43 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/02/27 20:11:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/02/27 20:10:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/02/27 20:10:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/01/13 21:05:38 | 002,014,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\CleanupFiles.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2005/09/29 19:36:33 | 000,192,695 | -H-- | C] () -- C:\Documents and Settings\Michael\Application Data\Michaellog.dat
[2004/12/01 22:44:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2004/11/04 11:48:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:10 | 000,492,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,083,466 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 05:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 05:54:01 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

< End of report >

This post has been edited by cubby989: 08 June 2011 - 04:56 PM

#2 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 14 June 2011 - 04:27 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.

  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!

  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 User is offline   cubby989 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 5
  • Joined: 28-May 11

Posted 15 June 2011 - 01:47 PM

I have since gotten rid of the two files using FileAssassin, but am being bugged by another program which boots with my computer, without anything telling it to. (it's not in the startup folder, or in my registry) It is closed with task manager and doesn't pop back up until the next reboot, and it's hidden, and seemingly irremovable, since I can't "un-hide" it, and it's sitting in my system32 folder. It's labeled ntsmprog1.exe in task manager, but it's invisible when I look for it. my antivirus has blocked it from connecting to the internet... I've closed it around an hour ago (as of typing). The task/program eats up A LOT of CPU usage, and A LOT of memory.

#4 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 15 June 2011 - 03:55 PM

Please run the instructions in my previous post, so I can get a better look at what else is going on with your machine.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#5 User is offline   cubby989 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 5
  • Joined: 28-May 11

Posted 16 June 2011 - 10:48 AM

RKUnhhoker


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB72FA000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9891840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6397952 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 266.58 )
0xB6E4E000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4124672 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7DD6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB28A7000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB723D000 C:\WINDOWS\system32\DRIVERS\WG311T13.sys 401408 bytes (Atheros Communications, Inc., Driver for Atheros AR5001 Wireless Network Adapter)
0xB6D3F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB29DA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB1089000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD62C000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB09DD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6D04000 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0xB2A66000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB7F51000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB12A9000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D93000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAD3C4000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB2917000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB298A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F7F000 vidstub.sys 163840 bytes
0xB2881000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB2942000 C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 155648 bytes (Oracle Corporation, VirtualBox Support Driver)
0xB6E2A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB72C2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB729F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB2968000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB7E8C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F21000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB6DB8000 C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 114688 bytes (Oracle Corporation, VirtualBox Bridged Networking Driver)
0xB7D79000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB6DD4000 C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 106496 bytes (Oracle Corporation, VirtualBox Host-Only Network Adapter Driver)
0xB7EF1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2841000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7F09000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7E63000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6DFF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB7DC0000 inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xB17D6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6E16000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB72E6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806D1000 ACPI_HAL 81152 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB2A33000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7E7A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F40000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6DEE000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB7D21000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB81B8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8198000 C:\WINDOWS\system32\DRIVERS\HssDrv.sys 65536 bytes (AnchorFree Inc., Hotspot Shield Routing Driver)
0xB8188000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB81D8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB1973000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB8168000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8208000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8228000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB82D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB81A8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8218000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB13FE000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xB8268000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8178000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB8248000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB1B7B000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB8158000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB82F8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8238000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB8148000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB82C8000 C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 36864 bytes (Oracle Corporation, VirtualBox USB Monitor Driver)
0xB82E8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8370000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8380000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8358000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8378000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 24576 bytes (COMODO, COMODO Internet Security Helper Driver)
0xB83E8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8338000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8340000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8360000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8400000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB8368000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8438000 C:\WINDOWS\system32\Drivers\PROCEXP141.SYS 20480 bytes
0xB83F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB83F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8398000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB83D8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8410000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB2AC3000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB1AE7000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xB84D4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB1AE3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB84C0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB85A4000 C:\WINDOWS\System32\DRIVERS\cmderd.sys 12288 bytes (COMODO, COMODO Internet Security Eradication Driver)
0xB857C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7C71000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB7D55000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB7C6D000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB84C4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7D49000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB85FA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB860E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB85F8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB85FC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB866A000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xB85FE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85F2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85F4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8756000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8771000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xB8701000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB8755000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xB874B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xB87A5000 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)
==============================================
>Stealth
==============================================


OTL.txt


OTL logfile created on: 6/16/2011 4:28:29 AM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\-----\Desktop\Anti-virus helper
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 53.53% Memory free
3.35 Gb Paging File | 2.71 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 69.25 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 47.72 Gb Free Space | 64.03% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: ----- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 04:20:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-----\Desktop\Anti-virus helper\OTL.exe
PRC - [2011/06/06 18:28:30 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/06/06 18:26:36 | 001,524,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/29 12:07:01 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/02/24 18:05:06 | 002,180,096 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/24 09:06:36 | 000,204,296 | ---- | M] (NTWind Software) -- C:\Program Files\VistaSwitcher\vswitch.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] () -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/03/28 11:54:18 | 000,374,272 | ---- | M] () -- C:\Documents and Settings\-----\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparency.exe
PRC - [2010/01/29 16:56:48 | 001,222,144 | ---- | M] (Ceiiular) -- C:\Documents and Settings\-----\Desktop\folders\Lee-Soft Vista-like shtuff\Show Desktop.exe
PRC - [2009/06/03 17:12:38 | 001,787,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/01 22:44:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 04:20:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-----\Desktop\Anti-virus helper\OTL.exe
MOD - [2011/05/15 12:34:23 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/28 11:35:00 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\-----\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparencyHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/06 18:26:36 | 001,524,544 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 18:23:58 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/05/29 12:07:01 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/05/21 22:26:41 | 000,129,856 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] () [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] () [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/15 13:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2004/12/01 22:44:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/06/07 17:19:39 | 000,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2011/05/18 16:19:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/05/15 12:34:23 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/15 12:34:22 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/15 12:34:22 | 000,017,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011/05/15 12:34:21 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/26 15:10:34 | 000,122,224 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/04/26 15:10:34 | 000,111,280 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/04/26 15:10:34 | 000,044,784 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011/04/26 15:10:32 | 000,162,544 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/03/30 06:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011/03/22 18:27:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/28 20:49:32 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/22 14:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/12/14 18:47:18 | 000,400,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 217.8.175.41:80

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/14 17:46:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/14 17:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 16:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/10 19:35:45 | 000,000,000 | ---D | M]

[2011/03/07 07:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-----\Application Data\Mozilla\Extensions
[2011/05/20 18:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\-----\Application Data\Mozilla\Firefox\Profiles\u0z51v5z.default\extensions
[2011/03/12 20:47:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\-----\Application Data\Mozilla\Firefox\Profiles\u0z51v5z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/30 21:26:48 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\-----\Application Data\Mozilla\Firefox\Profiles\u0z51v5z.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/05/20 18:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 17:46:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/14 17:47:08 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/03/01 00:17:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/06/09 08:46:30 | 000,000,269 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 thepiratebay.org
O1 - Hosts: 127.0.0.1 www.thepiratebay.org
O1 - Hosts: 127.0.0.1 mininova.org
O1 - Hosts: 127.0.0.1 www.mininova.org
O1 - Hosts: 127.0.0.1 forum.mininova.org
O1 - Hosts: 127.0.0.1 blog.mininova.org
O1 - Hosts: 127.0.0.1 suprbay.org
O1 - Hosts: 127.0.0.1 www.suprbay.org
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Allure] C:\Program Files\Allure\Allure.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Desktop Lock] C:\Program Files\Desktop Lock\TLDL.EXE (TopLang Software)
O4 - HKLM..\Run: [Desktop Lock Express] File not found
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006..\Run: [TrueTransparency] C:\Documents and Settings\-----\Desktop\folders\Lee-Soft Vista-like shtuff\TrueTransparency\TrueTransparency.exe ()
O4 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe (Lee-Soft.com, Lee Matthew Chantrey)
O4 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe (Lee-Soft.com)
O4 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch.exe (NTWind Software)
O4 - Startup: C:\Documents and Settings\-----\Start Menu\Programs\Startup\Kana Reminder.lnk = C:\Program Files\Kana Reminder\Reminder.exe (Kana Solution)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: YNOKZITCHO = C:\WINDOWS\system32\ntmsoprq1.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\-----\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\-----\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 03:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\VistaSwitcher
[2011/06/16 03:48:17 | 002,332,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2011/06/16 03:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Desktop\Win7_RTM_Logon_XP_EN_by_PeterRollar
[2011/06/16 03:33:44 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/06/16 03:33:38 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/06/16 03:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2011/06/16 03:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\TuneUp Software
[2011/06/16 03:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/06/16 03:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/06/16 03:30:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/06/15 10:31:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/14 19:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\.idlerc
[2011/06/14 19:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Git
[2011/06/14 18:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2011/06/14 18:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Nautix
[2011/06/14 18:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerArchiver 2001
[2011/06/14 18:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\PowerArchiver
[2011/06/14 18:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\Thousand Parsec
[2011/06/14 16:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\My Documents\OnLive App
[2011/06/14 16:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\OnLive App
[2011/06/14 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OnLive
[2011/06/14 16:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\OnLive
[2011/06/14 05:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2011/06/14 05:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Aurora
[2011/06/14 05:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Aurora
[2011/06/14 05:52:47 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2011/06/14 05:52:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011/06/13 22:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Kana Reminder
[2011/06/13 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Kana Reminder
[2011/06/12 22:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Thousand Parsec
[2011/06/12 22:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Thousand Parsec
[2011/06/12 21:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\ViSplore
[2011/06/12 21:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Vista Drive Icon
[2011/06/12 21:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Vista Drive Icon
[2011/06/12 20:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Explorer
[2011/06/11 23:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2011/06/11 23:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\reakktor
[2011/06/11 23:17:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/06/11 23:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\My Documents\Reakktor Media
[2011/06/11 21:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\Unity
[2011/06/11 17:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Onlink
[2011/06/11 15:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\Green Man Gaming
[2011/06/11 15:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Capsule Utilities
[2011/06/11 15:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Capsule
[2011/06/10 16:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\PMB Files
[2011/06/10 16:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/06/10 16:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/06/09 19:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/09 19:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/09 18:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/09 16:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\TopLang
[2011/06/09 16:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lighthouse Interactive
[2011/06/09 10:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Lighthouse Interactive
[2011/06/09 10:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Lighthouse Interactive
[2011/06/08 15:24:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Administrative Tools
[2011/06/07 23:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Lock
[2011/06/07 23:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Lock
[2011/06/07 23:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\TopLang
[2011/06/07 23:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TopLang
[2011/06/07 22:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\André Claaßen
[2011/06/07 18:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\Stardock
[2011/06/07 18:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Thoosje Windows Sevenbar
[2011/06/07 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje
[2011/06/07 17:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\WinCustomize
[2011/06/07 17:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2011/06/07 17:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/06/06 11:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Shrapnel Games
[2011/06/06 11:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Shrapnel Games
[2011/06/05 20:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\FreeOrion
[2011/06/05 20:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeOrion
[2011/06/05 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\FreeOrion
[2011/06/05 19:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Birth of the Empires
[2011/06/05 18:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kali
[2011/06/05 18:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Kali95
[2011/06/05 14:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/06/05 02:18:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST5UNST.EXE
[2011/06/05 02:18:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5StKit.dll
[2011/06/04 19:16:56 | 000,000,000 | ---D | C] -- C:\DOS
[2011/06/04 18:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\VDMSound
[2011/05/30 11:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2011/05/29 15:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\Bitcoin
[2011/05/29 15:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Bitcoin
[2011/05/29 15:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bitcoin
[2011/05/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\ViGlance
[2011/05/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\ViGlance
[2011/05/29 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\ViStart
[2011/05/29 10:42:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VITrans
[2011/05/29 10:41:58 | 000,094,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pskill.exe
[2011/05/29 00:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\.minecraft
[2011/05/28 21:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Desktop\Anti-virus helper
[2011/05/28 19:31:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\-----\Recent
[2011/05/28 13:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\Arparso
[2011/05/28 10:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexus Skirmisher
[2011/05/28 10:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Nexus - The Jupiter Incident
[2011/05/28 09:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexus - The Jupiter Incident
[2011/05/28 08:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus - The Jupiter Incident
[2011/05/24 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2011/05/24 17:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
[2011/05/22 23:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\MediaGet2
[2011/05/22 19:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Application Data\Kalypso Media
[2011/05/22 19:10:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/05/22 19:10:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/05/22 19:10:54 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/05/22 19:10:51 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/05/22 19:10:48 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/05/22 19:10:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/05/22 19:10:43 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/05/22 19:10:40 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/05/22 18:21:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/22 00:12:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\-----\Application Data\FrostWire
[2011/05/21 22:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Start Menu\Programs\Steam
[2011/05/21 22:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\-----\Local Settings\Application Data\Desura
[2011/05/21 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Desura
[2011/05/21 22:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Desura
[2011/05/21 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Desura
[2011/05/21 22:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Desura
[2011/05/20 17:36:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FrostWire
[2011/05/19 17:57:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/05/18 15:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/03/30 22:22:47 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 04:36:41 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/06/16 04:19:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/16 04:02:01 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/16 03:48:20 | 000,000,413 | RHS- | M] () -- C:\boot.ini
[2011/06/16 03:48:18 | 002,332,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2011/06/16 03:46:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3305667324-1960924308-708895227-1006UA.job
[2011/06/16 03:33:31 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/06/16 03:33:31 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/06/15 18:37:25 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_97653.nl_
[2011/06/15 18:36:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 18:36:21 | 1609,027,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 17:08:08 | 000,492,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 17:08:08 | 000,083,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 16:55:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/14 19:07:49 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\-----\.gitconfig
[2011/06/14 19:00:35 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\-----\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2011/06/14 12:06:05 | 000,087,144 | ---- | M] () -- C:\Documents and Settings\-----\My Documents\raptorjesus.jpg
[2011/06/14 05:54:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/14 05:54:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/14 05:52:47 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2011/06/14 05:52:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011/06/14 05:50:52 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeOrion.lnk
[2011/06/14 05:46:04 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3305667324-1960924308-708895227-1006Core.job
[2011/06/13 22:02:25 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\-----\Start Menu\Programs\Startup\Kana Reminder.lnk
[2011/06/13 21:49:51 | 000,009,284 | ---- | M] () -- C:\Documents and Settings\-----\My Documents\hon.jpg
[2011/06/12 01:12:43 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/12 01:12:43 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/11 23:20:29 | 000,002,855 | ---- | M] () -- C:\WINDOWS\System32\ntmsoprq1.PIF
[2011/06/10 19:40:13 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/09 18:27:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/09 15:22:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 11:38:31 | 000,000,574 | ---- | M] () -- C:\WINDOWS\96Crypt.ini
[2011/06/09 11:38:31 | 000,000,016 | ---- | M] () -- C:\WINDOWS\Preregister.sig
[2011/06/09 08:46:30 | 000,000,269 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/08 22:58:50 | 000,003,932 | ---- | M] () -- C:\Documents and Settings\-----\My Documents\watermelon.gif
[2011/06/08 12:59:44 | 000,130,560 | -HS- | M] () -- C:\WINDOWS\System32\ntmsoprq1.exe
[2011/06/07 21:46:00 | 000,016,444 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/07 17:19:39 | 000,163,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/06/07 07:56:40 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\-----\Desktop\russian-serbianFBname.rtf
[2011/06/06 18:29:10 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/06/06 18:23:58 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/06/06 11:29:55 | 000,107,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/05 22:40:38 | 000,006,307 | ---- | M] () -- C:\Documents and Settings\-----\My Documents\ea093k.jpg
[2011/06/05 18:26:29 | 000,001,753 | ---- | M] () -- C:\WINDOWS\System32\autoexec.nt
[2011/06/05 02:21:00 | 000,000,322 | ---- | M] () -- C:\WINDOWS\MOO2MPOT.INI
[2011/06/02 12:21:08 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 14:40:32 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\-----\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2011/05/29 10:50:28 | 006,912,054 | ---- | M] () -- C:\WINDOWS\clwcp.bmp
[2011/05/17 17:00:55 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\-----\Application Data\RSBuddy Login.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 03:33:31 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/06/16 03:33:31 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/06/16 03:33:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2011/06/15 16:10:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/14 19:07:49 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\-----\.gitconfig
[2011/06/14 19:00:35 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\-----\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2011/06/14 14:39:41 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2011/06/14 12:58:02 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\-----\Start Menu\Programs\Startup\Kana Reminder.lnk
[2011/06/14 12:02:07 | 000,087,144 | ---- | C] () -- C:\Documents and Settings\-----\My Documents\raptorjesus.jpg
[2011/06/14 05:50:52 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeOrion.lnk
[2011/06/13 21:50:00 | 000,009,284 | ---- | C] () -- C:\Documents and Settings\-----\My Documents\hon.jpg
[2011/06/12 21:07:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\cttune.cpl
[2011/06/11 23:20:29 | 000,002,855 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq1.PIF
[2011/06/11 15:53:27 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\-----\Start Menu\Programs\Capsule.lnk
[2011/06/10 19:40:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/10 19:40:13 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/08 22:58:53 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\-----\My Documents\watermelon.gif
[2011/06/08 13:00:02 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 12:59:51 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/08 12:59:44 | 000,130,560 | -HS- | C] () -- C:\WINDOWS\System32\ntmsoprq1.exe
[2011/06/07 17:08:24 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/06/07 07:56:40 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\-----\Desktop\russian-serbianFBname.rtf
[2011/06/05 22:38:01 | 000,006,307 | ---- | C] () -- C:\Documents and Settings\-----\My Documents\ea093k.jpg
[2011/06/05 14:15:19 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/06/05 02:19:49 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\-----\Start Menu\Programs\MeltPot.LNK
[2011/06/05 02:19:46 | 000,000,322 | ---- | C] () -- C:\WINDOWS\MOO2MPOT.INI
[2011/05/29 14:40:32 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\-----\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2011/05/29 10:50:28 | 006,912,054 | ---- | C] () -- C:\WINDOWS\clwcp.bmp
[2011/05/29 10:42:07 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Uharc.exe
[2011/05/29 10:41:58 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\CLWCP.exe
[2011/05/29 10:41:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2011/05/29 10:41:58 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2011/05/28 21:24:39 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_97653.nl_
[2011/05/28 19:44:20 | 000,375,667 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3305667324-1960924308-708895227-1006-0.dat
[2011/05/28 19:44:17 | 000,095,502 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/04 16:01:12 | 000,633,871 | ---- | C] () -- C:\WINDOWS\System32\user32new.dll
[2011/05/04 16:01:12 | 000,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll
[2011/05/04 16:01:11 | 001,584,149 | ---- | C] () -- C:\WINDOWS\System32\setupapinew.dll
[2011/05/04 16:01:11 | 000,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll
[2011/05/04 16:01:11 | 000,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll
[2011/05/04 16:01:11 | 000,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll
[2011/05/04 16:01:11 | 000,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll
[2011/05/04 16:01:10 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2011/05/04 16:01:06 | 000,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll
[2011/05/04 16:01:06 | 000,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll
[2011/05/04 16:01:06 | 000,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll
[2011/05/03 20:37:17 | 000,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll
[2011/05/03 20:37:17 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
[2011/05/03 20:37:12 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2011/05/03 20:37:12 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2011/05/03 20:37:12 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2011/05/03 20:37:11 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2011/05/03 20:37:11 | 000,002,919 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2011/05/03 20:13:12 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2011/05/03 20:13:11 | 000,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2011/05/03 20:13:09 | 000,519,912 | ---- | C] () -- C:\WINDOWS\System32\d3dx10d_33.dll
[2011/05/03 20:13:09 | 000,519,912 | ---- | C] () -- C:\WINDOWS\System32\d3dx10d.dll
[2011/05/03 20:13:06 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2011/05/01 09:42:33 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\-----\Application Data\RSBuddy Login.ini
[2011/05/01 08:22:01 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\-----\Application Data\RSBuddy_cubby989.ini
[2011/04/23 13:13:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/04/18 21:48:33 | 000,000,574 | ---- | C] () -- C:\WINDOWS\96Crypt.ini
[2011/04/11 17:37:44 | 000,016,444 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/09 23:46:36 | 000,559,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011/04/04 21:19:49 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/03/30 22:22:53 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/30 22:22:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/03/30 22:22:47 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/30 22:22:47 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/30 22:22:46 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/18 21:22:23 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/03/09 00:01:42 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/03/08 21:45:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2011/03/07 06:59:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/28 22:29:47 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/02/28 21:06:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/02/28 21:06:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/02/28 20:57:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/02/28 20:57:43 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/02/28 20:57:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/02/28 20:57:24 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/02/28 20:34:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/27 23:58:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/27 23:38:51 | 000,000,117 | ---- | C] () -- C:\WINDOWS\civ.ini
[2011/02/27 23:36:45 | 000,000,309 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2011/02/27 23:33:51 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2011/02/27 23:33:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2011/02/27 23:26:31 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2011/02/27 20:17:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/02/27 20:12:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/02/27 20:12:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/02/27 20:12:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/02/27 20:12:23 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/02/27 20:12:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/02/27 20:12:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/02/27 20:11:43 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/02/27 20:11:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/02/27 20:10:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/02/27 20:10:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/01/07 20:56:48 | 000,156,776 | ---- | C] () -- C:\WINDOWS\System32\nvsvc32.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2005/09/29 19:36:33 | 000,192,695 | -H-- | C] () -- C:\Documents and Settings\-----\Application Data\-----log.dat
[2004/12/01 22:44:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2004/11/04 11:48:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:10 | 000,492,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,083,466 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 05:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 05:54:01 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

< End of report >


OTL's Extras.txt



OTL Extras logfile created on: 6/16/2011 4:28:29 AM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\-----\Desktop\Anti-virus helper
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 53.53% Memory free
3.35 Gb Paging File | 2.71 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 69.25 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 47.72 Gb Free Space | 64.03% Space Free | Partition Type: NTFS

Computer Name: EMACHINE | User Name: ----- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3305667324-1960924308-708895227-1006\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9777:TCP" = 9777:TCP:*:Enabled:Moonbase Alpha
"9777:UDP" = 9777:UDP:*:Enabled:Moonbase Alpha
"8766:UDP" = 8766:UDP:*:Enabled:Moonbase Alpha
"27016:UDP" = 27016:UDP:*:Enabled:Moonbase Alpha
"21:TCP" = 21:TCP:*:Enabled:FTP
"21:UDP" = 21:UDP:*:Enabled:FTP
"20:TCP" = 20:TCP:*:Enabled:FTP-Data

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Sierra\FEAR\FEAR.exe" = D:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"D:\Program Files\Electronic Arts\Darkspore\DarksporeBin\Darkspore.exe" = D:\Program Files\Electronic Arts\Darkspore\DarksporeBin\Darkspore.exe:*:Enabled:Darkspore™ -- (Maxis, a division of Electronic Arts Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Nakido\nakido.exe" = C:\Program Files\Nakido\nakido.exe:*:Enabled:Nakido
"C:\Program Files\Vidalia Bundle\Tor\tor.exe" = C:\Program Files\Vidalia Bundle\Tor\tor.exe:*:Enabled:tor -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\JDownloader\downloads\portal 2 client binaries ncf v3-cs rin\common\portal 2\portal2.exe" = C:\Program Files\JDownloader\downloads\portal 2 client binaries ncf v3-cs rin\common\portal 2\portal2.exe:*:Enabled:portal2
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
"C:\Matrix Games\Distant Worlds\update.exe" = C:\Matrix Games\Distant Worlds\update.exe:*:Enabled:TrueUpdate Client -- ()
"C:\Program Files\Mount&Blade Warband\mb_warband.exe" = C:\Program Files\Mount&Blade Warband\mb_warband.exe:*:Disabled:Mount&Blade: Warband
"C:\Program Files\StreamMyGame\streamer_server.exe" = C:\Program Files\StreamMyGame\streamer_server.exe:*:Enabled:Streamer Server
"C:\Program Files\JDownloader\downloads\P2G\common\portal 2\portal2.exe" = C:\Program Files\JDownloader\downloads\P2G\common\portal 2\portal2.exe:*:Enabled:portal2 -- ()
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Heaven and Hell - live and let die\Run\h_h.exe" = C:\Program Files\Heaven and Hell - live and let die\Run\h_h.exe:*:Enabled:h_h
"C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe" = C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\TimeGate Studios\Section 8 Prejudice\Binaries\Win32\S9-Win32-F.exe" = C:\Program Files\TimeGate Studios\Section 8 Prejudice\Binaries\Win32\S9-Win32-F.exe:*:Enabled:Section 8: Prejudice
"C:\Program Files\Microsoft Games\Fable III\Fable3.exe" = C:\Program Files\Microsoft Games\Fable III\Fable3.exe:*:Enabled:Fable III -- (Lionhead Studios Limited)
"C:\Program Files\Steam\steamapps\mikeltest\dark messiah might and magic multi-player\mm.exe" = C:\Program Files\Steam\steamapps\mikeltest\dark messiah might and magic multi-player\mm.exe:*:Enabled:mm -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Documents and Settings\-----\Local Settings\Application Data\MediaGet2\mediaget.exe" = C:\Documents and Settings\-----\Local Settings\Application Data\MediaGet2\mediaget.exe:*:Enabled:MediaGet torrent client
"C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\-----\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe" = C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe:*:Enabled:COMODO Internet Security -- (COMODO)
"C:\Documents and Settings\-----\Desktop\tdss.com" = C:\Documents and Settings\-----\Desktop\tdss.com:*:Enabled:TDSS rootkit removing tool
"C:\Program Files\Nexus - The Jupiter Incident\nexus_dx9.exe" = C:\Program Files\Nexus - The Jupiter Incident\nexus_dx9.exe:*:Enabled:Nexus -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\eRightSoft\96Crypt\96Crypt.exe" = C:\Program Files\eRightSoft\96Crypt\96Crypt.exe:*:Enabled:96Crypt File/Folder - EnCryption/DeCryption -- (eRightSoft ©)
"C:\WINDOWS\96Crypt.exe" = C:\WINDOWS\96Crypt.exe:*:Enabled:96Crypt File/Folder - EnCryption/DeCryption -- (eRightSoft ©)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Gyazo\gyazowin.exe" = C:\Program Files\Gyazo\gyazowin.exe:*:Enabled:Gyazo: Screen Uploader -- ()
"C:\Program Files\Bitcoin\bitcoin.exe" = C:\Program Files\Bitcoin\bitcoin.exe:*:Enabled:bitcoin -- ()
"C:\Program Files\Steam\steamapps\mikeltest\dystopia\hl2.exe" = C:\Program Files\Steam\steamapps\mikeltest\dystopia\hl2.exe:*:Enabled:Dystopia -- ()
"C:\Program Files\Steam\steamapps\mikeltest\dark messiah might and magic multi-player\runme.exe" = C:\Program Files\Steam\steamapps\mikeltest\dark messiah might and magic multi-player\runme.exe:*:Enabled:Dark Messiah Might and Magic Multi-Player -- ()
"C:\Program Files\Steam\steamapps\common\bad rats\Rats.exe" = C:\Program Files\Steam\steamapps\common\bad rats\Rats.exe:*:Enabled:Bad Rats -- ()
"C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe" = C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe:*:Enabled:Moonbase Alpha -- ()
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Kali95\Kali.exe" = C:\Program Files\Kali95\Kali.exe:*:Enabled:Kali II (Ver 2.613) -- (Kali.net, Inc.)
"C:\Program Files\Birth of the Empires\BotE.exe" = C:\Program Files\Birth of the Empires\BotE.exe:*:Enabled:Birth of the Empires -- (Sir Pustekuchen)
"C:\Program Files\FreeOrion\freeoriond.exe" = C:\Program Files\FreeOrion\freeoriond.exe:*:Enabled:freeoriond -- ()
"C:\Program Files\Shrapnel Games\Malfador Machinations\Space Empires IV Gold\Se4.exe" = C:\Program Files\Shrapnel Games\Malfador Machinations\Space Empires IV Gold\Se4.exe:*:Enabled:Space Empires IV -- (Malfador Machinations)
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"D:\Program Files\StarCraft\Maps\BroodWar\Ladder\kcaha\utorrent\uTorrent.exe" = D:\Program Files\StarCraft\Maps\BroodWar\Ladder\kcaha\utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\steamapps\mikeltest\eternal-silence\hl2.exe" = C:\Program Files\Steam\steamapps\mikeltest\eternal-silence\hl2.exe:*:Enabled:Eternal Silence -- ()
"C:\Program Files\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe" = C:\Program Files\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe:*:Enabled:Spiral Knights -- (Sun Microsystems, Inc.)
"C:\Program Files\Thousand Parsec\tpclient-pywx\tpclient-pywx.exe" = C:\Program Files\Thousand Parsec\tpclient-pywx\tpclient-pywx.exe:*:Enabled:wxPython based client for Thousand Parsec
"C:\Program Files\Thousand Parsec\tpclient-pywx\tpserver-cpp\bin\tpserver-cpp.exe" = C:\Program Files\Thousand Parsec\tpclient-pywx\tpserver-cpp\bin\tpserver-cpp.exe:*:Enabled:tpserver-cpp
"C:\Program Files\Steam\steamapps\mikeltest\day of defeat source\hl2.exe" = C:\Program Files\Steam\steamapps\mikeltest\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- ()
"C:\Program Files\Steam\steamapps\mikeltest\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\mikeltest\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A753859-207A-436C-BB49-B0A4FA72F91E}_is1" = Birth of the Empires 0.8
"{136A7381-D9A0-453C-B999-B012E09253F1}" = Oracle VM VirtualBox 4.0.6
"{171251E0-4EED-4EA1-A46D-3213A226F2B3}_is1" = Arx Fatalis version 1.21
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{300D824F-DA86-4F08-B38C-3B204291AFE9}_is1" = SpaceChem Demo
"{32939827-D8E5-470A-B126-870DB3C69FDF}" = Python 2.7.1
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4FA2DAFD-2D72-4ACF-BDD8-4178E8AFD459}_is1" = TGA Viewer
"{544707D4-E543-419D-87B2-5D1000008200}" = Section 8: Prejudice
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DC4C06-95ED-4AD2-98CE-BEB82D47F84C}" = Vidalia 0.2.10
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{79A65475-2F7F-491C-BF2F-8D5C0AF0775C}" = DUNGEONS
"{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1" = WMP Tag Plus 1.2
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{96443F45-13E2-11D6-AC87-00D0B7A9E540}" = Arx Fatalis
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDE46766-A2BC-44FF-A781-D2C718336F65}" = Nexus: The Jupiter Incident
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F83B33CD-1422-448A-82DC-26D174F49189}" = AES Crypt
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR Wireless Adapter WG311T
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"96CRYPT" = 96CRYPT Version 2008.build.20 (Jan 5, 2008)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Allure" = Allure 1.1.1
"Battleships Forever_is1" = Battleships Forever v0.90d
"Belarc Advisor" = Belarc Advisor 8.1
"Bontago" = Bontago
"BootSkin" = BootSkin
"Capsule" = Capsule
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeadlockDeinstKey" = Deadlock
"Desktop Lock" = Desktop Lock 7.3
"Desura" = Desura
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Setup.divx.com" = DivX Setup
"FileASSASSIN" = FileASSASSIN
"FLAC" = FLAC 1.2.1b (remove only)
"FreeOrion" = FreeOrion 0.3.15
"GameSpy Arcade" = GameSpy Arcade
"GCFScape_is1" = GCFScape 1.8.2
"GeoForms" = GeoForms Screensaver by NVIDIA (remove only)
"Git_is1" = Git version 1.7.4-preview20110204
"Halo CE" = Microsoft Halo Custom Edition
"HotspotShield" = Hotspot Shield 1.57
"ie8" = Windows Internet Explorer 8
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR Wireless Adapter WG311T
"JAIELangPack" = Japanese Language Support
"Kali II" = Kali II
"Kana Reminder_is1" = Kana Reminder 1.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mp3tag" = Mp3tag v2.48
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nexus Skirmisher_is1" = Nexus Skirmisher v0.61
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
"Onlink Update" = Onlink
"OnLive" = OnLive
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"PowerArchiver" = PowerArchiver
"RocketDock_is1" = RocketDock 1.3.5
"SimSafariUninstall" = SimSafari
"Space Empires IV Gold" = Space Empires IV Gold
"SpaceTime 3D" = SpaceTime 3D
"ST5UNST #1" = Melting Pot v0.95
"ST6UNST #1" = Aurora
"StarCraft" = StarCraft
"Starship Tycoon Full_is1" = Starship Tycoon Full
"Steam App 17510" = Age of Chivalry
"Steam App 17550" = Eternal Silence
"Steam App 17580" = Dystopia
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34900" = Bad Rats
"Steam App 39000" = Moonbase Alpha
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 630" = Alien Swarm
"Steam App 99900" = Spiral Knights
"Sword of the Stars" = Sword of the Stars ANY
"Thoosje Windows Sevenbar" = Thoosje Windows Sevenbar
"Tor" = Tor 0.2.1.30
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.10
"ViGlance" = ViGlance
"ViSploreBeta1" = ViSplore
"Vista Drive Icon" = Vista Drive Icon 1.4
"ViStart" = ViStart
"VistaSwitcher" = VistaSwitcher
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-unicode-py27_is1" = wxPython 2.8.11.0 (unicode) for Python 2.7
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3305667324-1960924308-708895227-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for -----
"af952d3cc7745072" = Majesty of Omega
"Bitcoin" = Bitcoin
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"FileZilla Client" = FileZilla Client 3.5.0
"Google Chrome" = Google Chrome
"numpy-py2.7" = Python 2.7 numpy-1.5.1
"py2exe-py2.7" = Python 2.7 py2exe-0.6.9
"setuptools-py2.7" = Python 2.7 setuptools-0.6c11
"SpaceTime 3D" = SpaceTime 3D
"UnityWebPlayer" = Unity Web Player
"WOEmu 2.1.3 With Mac Support" = WOEmu 2.1.3 With Mac Support

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2011 7:05:00 PM | Computer Name = EMACHINE | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 dungeons.exe, P2 0.0.0.0, P3 4d58240c, P4 mscorlib,
P5 4.0.0.0, P6 4d53693b, P7 3dab, P8 13c, P9 system.unauthorizedaccess, P10 NIL.

Error - 5/23/2011 7:05:03 PM | Computer Name = EMACHINE | Source = .NET Runtime | ID = 1026
Description = Application: Dungeons.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an unhandled exception. Exception Info: System.UnauthorizedAccessException
Stack:

at Realmforge.MogreUtil.Application.MainApplication`3[[System.__Canon, mscorlib,
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon,
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon,
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run()

at Realmforge.Dungeons.DungeonsMain.Main(System.String[])

Error - 5/23/2011 9:14:54 PM | Computer Name = EMACHINE | Source = .NET Runtime | ID = 1023
Description = Application: Dungeons.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 79213722
(79140000) with exit code 80131506.

Error - 5/23/2011 9:15:07 PM | Computer Name = EMACHINE | Source = .NET Runtime 4.0 Error Reporting | ID = 1000
Description = Faulting application dungeons.exe, version 0.0.0.0, stamp 4d58240c,
faulting module clr.dll, version 4.0.30319.225, stamp 4d53688b, debug? 0, fault
address 0x000d3722.

Error - 5/28/2011 2:17:40 PM | Computer Name = EMACHINE | Source = .NET Runtime 4.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 nexus launcher.exe, P2 1.0.0.0, P3 4d4b7310,
P4 system.xml, P5 4.0.0.0, P6 4ba1dfec, P7 216a, P8 22a, P9 system.windows.markup.xamlparse,
P10 NIL.

Error - 5/28/2011 2:17:43 PM | Computer Name = EMACHINE | Source = .NET Runtime | ID = 1026
Description =

Error - 5/28/2011 4:54:17 PM | Computer Name = EMACHINE | Source = Application Error | ID = 1000
Description = Faulting application vidalia.exe, version 0.2.10.0, faulting module
qtcore4.dll, version 4.6.2.0, fault address 0x000170dd.

Error - 5/28/2011 5:45:45 PM | Computer Name = EMACHINE | Source = Application Error | ID = 1000
Description = Faulting application nexus_dx9.exe, version 0.0.0.0, faulting module
nexus_dx9.exe, version 0.0.0.0, fault address 0x00137e2e.

Error - 5/28/2011 6:07:09 PM | Computer Name = EMACHINE | Source = Application Error | ID = 1000
Description = Faulting application nexus_dx9.exe, version 0.0.0.0, faulting module
nexus_dx9.exe, version 0.0.0.0, fault address 0x00017beb.

Error - 5/28/2011 6:14:59 PM | Computer Name = EMACHINE | Source = Application Error | ID = 1000
Description = Faulting application nexus_dx9.exe, version 0.0.0.0, faulting module
nexus_dx9.exe, version 0.0.0.0, fault address 0x00137e2e.

[ System Events ]
Error - 6/13/2011 5:25:36 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/14/2011 12:57:46 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 6/14/2011 12:57:46 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 6/15/2011 10:56:42 AM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 6/15/2011 10:56:44 AM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 6/15/2011 7:37:46 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 6/15/2011 7:39:07 PM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 6/16/2011 4:33:40 AM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
error: %%1083

Error - 6/16/2011 4:36:20 AM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%5

Error - 6/16/2011 4:36:23 AM | Computer Name = EMACHINE | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%5


< End of report >

#6 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 16 June 2011 - 10:59 AM

Hi!

Did you set this proxy in Internet Explorer?

IE - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 217.8.175.41:80


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL
SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1
O4 - HKLM..\Run: [Desktop Lock Express] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: YNOKZITCHO = C:\WINDOWS\system32\ntmsoprq1.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O37 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3305667324-1960924308-708895227-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2011/06/16 04:19:00 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/16 04:02:01 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/15 18:37:25 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_97653.nl_
[2011/06/08 13:00:02 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/08 12:59:51 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/08 12:59:44 | 000,130,560 | -HS- | C] () -- C:\WINDOWS\System32\ntmsoprq1.exe
[2011/05/28 21:24:39 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_97653.nl_

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.

  • Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#7 User is offline   cubby989 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 5
  • Joined: 28-May 11

Posted 17 June 2011 - 04:17 PM

I ran OTL, and right before finishing it popped up an error, I haven't run combofix yet.
Posted Image

#8 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 17 June 2011 - 04:38 PM

Please exit out of OTL and proceed with ComboFix.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#9 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 19 June 2011 - 10:06 AM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.


Thanks,
SweetTech.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#10 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 20 June 2011 - 10:16 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users