BleepingComputer.com: temp:winupd on Windows XP


#31 Dont Shoot Me

Posted 04 February 2012 - 06:44 AM

Sorry, I was not at my home for a bit.

Quote

OTL logfile created on: 2/4/2012 4:58:00 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brett\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.20% Memory free
4.84 Gb Paging File | 4.17 Gb Available in Paging File | 86.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 332.40 Gb Free Space | 71.37% Space Free | Partition Type: NTFS

Computer Name: A | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 03:26:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/02/27 20:54:22 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/02/27 20:54:21 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2009/06/08 19:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/06/08 19:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2004/02/18 11:55:28 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 07:06:43 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/04 07:06:42 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2011/10/13 06:28:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 06:28:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 06:11:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 06:11:34 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 06:11:23 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 06:09:07 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 06:08:34 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/02/27 20:54:29 | 000,031,560 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dti.dll
MOD - [2011/02/27 20:54:26 | 000,331,592 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dhr.dll
MOD - [2011/02/27 20:54:26 | 000,300,872 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dsp.dll
MOD - [2011/02/27 20:54:25 | 000,102,216 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\drs.dll
MOD - [2011/02/27 20:54:25 | 000,055,624 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\det.dll
MOD - [2011/02/27 20:54:24 | 000,281,416 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dsl.dll
MOD - [2011/02/27 20:54:23 | 000,265,544 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dqr.dll
MOD - [2011/02/27 20:54:23 | 000,029,000 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dut.dll
MOD - [2011/02/27 20:54:23 | 000,021,832 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dxm.dll
MOD - [2011/02/27 20:54:22 | 000,183,624 | ---- | M] () -- C:\Program Files\Immunet Protect\2.0.17\dcf.dll
MOD - [2009/07/19 02:52:58 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3257.27061__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3257.27076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2009/07/19 02:52:58 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2009/07/19 02:52:58 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2009/07/19 02:52:58 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,671,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3257.27107__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:57 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:57 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/07/19 02:52:57 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3257.27106__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:57 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:57 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3257.27072__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,716,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3257.27051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/07/19 02:52:56 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/07/19 02:52:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/07/19 02:52:56 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/07/19 02:52:55 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/07/19 02:52:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/07/19 02:52:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/07/19 02:52:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/07/19 02:52:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/07/19 02:52:54 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/07/19 02:52:54 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/07/19 02:52:54 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/07/19 02:52:54 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/07/19 02:52:53 | 001,073,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/07/19 02:52:53 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/07/19 02:52:53 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/07/19 02:52:53 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/07/19 02:52:53 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/07/19 02:52:53 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/07/19 02:52:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/07/19 02:52:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2009/07/19 02:52:53 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/07/19 02:52:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/07/19 02:52:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/07/19 02:52:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/07/19 02:52:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/07/19 02:52:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/07/19 02:52:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/07/19 02:52:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/07/19 02:52:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/06/08 19:50:00 | 000,148,816 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\vsevntui.dll
MOD - [2008/10/30 13:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2006/11/17 12:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 12:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AcrSch2Svc)
SRV - [2012/01/29 07:50:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/27 20:54:29 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2011/02/27 20:54:21 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/06/08 19:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/06/08 19:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 10:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/29 11:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Running] -- -- (pctEFA)
DRV - File not found [Kernel | Disabled | Running] -- -- (pctDS)
DRV - File not found [Kernel | Disabled | Running] -- -- (PCTCore)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/27 20:54:31 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/02/27 20:54:31 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2009/07/25 21:52:12 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/25 21:52:11 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/19 02:45:54 | 000,442,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/07/19 02:45:54 | 000,043,424 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/08 19:50:00 | 000,177,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/06/08 19:50:00 | 000,073,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/06/08 19:50:00 | 000,065,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/06/08 19:50:00 | 000,052,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/06/08 19:50:00 | 000,034,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/08 19:50:00 | 000,031,848 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2009/01/14 01:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/12/01 16:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/31 12:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/10/01 15:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/07/03 02:55:36 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/07/03 02:53:44 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/07/03 02:53:33 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 06:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\i8042prt.sy@ -- (i8042prt)
DRV - [2008/02/20 20:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/12/14 03:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/19 00:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/29 07:50:46 | 000,000,000 | ---D | M]

[2009/08/28 17:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Extensions
[2009/08/28 17:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/05 11:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions
[2009/09/15 21:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/27 16:41:05 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/10/06 21:05:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/09/15 21:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\staged-xpis
[2010/06/05 11:15:49 | 000,000,000 | ---D | M] (LimeWire Toolbar) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\extensions\toolbar@ask.com
[2009/09/27 16:40:40 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\searchplugins\AIM Search.xml
[2010/03/28 11:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\searchplugins\askcom.xml
[2009/07/17 17:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\y2cy3grn.default\searchplugins\BearShareWebSearch.xml
[2012/01/29 07:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2009/07/17 17:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2012/01/29 08:05:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-MS0SB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-1336601894-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252376986546 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F8CFEAF-F95E-4349-A725-CDC4C1C1F763}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 22:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 06:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/29 07:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/29 07:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/27 17:31:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/27 08:03:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/26 03:57:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/26 03:49:09 | 004,391,956 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\Desktop\ComboFix.exe
[2012/01/26 03:05:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/25 16:03:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/25 16:03:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/25 16:03:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/25 05:20:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/25 05:20:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/24 03:26:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/01/24 03:18:33 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brett\My Documents\aswMBR.exe
[2012/01/24 03:13:34 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\My Documents\tdsskiller.exe
[2012/01/23 22:12:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds-1.scr
[2012/01/23 21:50:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brett\Start Menu\Programs\Administrative Tools
[2012/01/23 21:49:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds.scr
[2012/01/22 17:23:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brett\My Documents\TFC.exe
[2012/01/21 04:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/19 15:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brett\My Documents\tdsskiller
[2012/01/19 13:41:21 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Brett\Desktop\RootRepeal.exe
[2012/01/19 13:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brett\Application Data\Malwarebytes
[2012/01/19 13:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 13:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/19 13:16:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/19 13:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/19 13:12:36 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brett\My Documents\mbam-setup.exe
[2012/01/19 04:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/19 04:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/18 21:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/18 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/18 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[3 C:\Documents and Settings\Brett\*.tmp files -> C:\Documents and Settings\Brett\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/04 04:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 14:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 11:04:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/02/01 19:22:05 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-MS0SB.exe
[2012/02/01 19:22:05 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-MS0SB.msg
[2012/02/01 19:22:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 19:22:05 | 000,000,479 | ---- | M] () -- C:\WINDOWS\is-MS0SB.lst
[2012/01/31 07:43:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/29 18:14:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/01/29 18:14:13 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/01/29 18:14:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/29 08:09:30 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/01/29 08:05:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/29 07:57:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/28 21:44:47 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\SecurityCheck.exe
[2012/01/27 07:49:26 | 004,391,956 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\Desktop\ComboFix.exe
[2012/01/26 16:58:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 02:35:45 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/01/24 03:26:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/01/24 03:24:40 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\FSS.exe
[2012/01/24 03:18:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brett\My Documents\aswMBR.exe
[2012/01/24 03:13:46 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\My Documents\tdsskiller.exe
[2012/01/23 23:39:33 | 000,009,466 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\flashPollResultsState.html
[2012/01/23 22:12:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds-1.scr
[2012/01/23 21:58:24 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\l5zsdjnq.exe
[2012/01/23 21:49:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\My Documents\dds.scr
[2012/01/23 16:23:16 | 000,396,263 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\MiniToolBox.exe
[2012/01/22 17:23:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\My Documents\TFC.exe
[2012/01/19 15:47:32 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\y8uh29ds.exe
[2012/01/19 15:43:01 | 002,035,725 | ---- | M] () -- C:\Documents and Settings\Brett\My Documents\tdsskiller.zip
[2012/01/19 13:41:26 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Brett\Desktop\RootRepeal.exe
[2012/01/19 13:13:25 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brett\My Documents\mbam-setup.exe
[2012/01/11 07:04:27 | 000,651,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/11 07:04:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\Documents and Settings\Brett\*.tmp files -> C:\Documents and Settings\Brett\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 19:22:05 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-MS0SB.exe
[2012/02/01 19:22:05 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-MS0SB.msg
[2012/02/01 19:22:05 | 000,000,479 | ---- | C] () -- C:\WINDOWS\is-MS0SB.lst
[2012/01/28 21:44:42 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\SecurityCheck.exe
[2012/01/26 03:57:20 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/01/26 03:57:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/25 16:03:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/25 16:03:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/25 16:03:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/25 16:03:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/25 16:03:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/24 03:24:38 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\FSS.exe
[2012/01/23 23:39:29 | 000,009,466 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\flashPollResultsState.html
[2012/01/23 21:58:22 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\l5zsdjnq.exe
[2012/01/23 16:23:13 | 000,396,263 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\MiniToolBox.exe
[2012/01/19 15:47:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\y8uh29ds.exe
[2012/01/19 15:42:48 | 002,035,725 | ---- | C] () -- C:\Documents and Settings\Brett\My Documents\tdsskiller.zip
[2012/01/19 13:18:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/05/07 11:33:19 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/30 13:45:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/30 12:46:20 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/01/23 21:40:55 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Brett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/13 07:02:45 | 000,000,195 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/30 12:32:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/19 21:24:06 | 000,077,575 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/09/17 18:24:25 | 000,027,056 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/14 16:47:32 | 000,010,563 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2009/08/26 12:58:24 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/08/26 12:40:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/25 21:52:12 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/25 21:52:11 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/19 02:54:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/07/19 02:50:57 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/19 02:50:10 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/07/19 02:50:04 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/07/19 02:50:03 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/07/19 02:50:03 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/07/19 02:50:03 | 000,180,720 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/07/19 02:34:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/18 22:51:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/18 22:43:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/18 22:39:53 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\CabTool.exe
[2009/07/18 17:33:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/18 17:31:20 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/21 11:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 11:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/27 15:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/06/19 14:39:47 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/06/19 14:39:45 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/06/19 14:39:45 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/18 15:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 15:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/03/03 01:50:56 | 000,004,460 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2004/02/11 12:39:07 | 000,000,316 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat

========== LOP Check ==========

[2011/06/04 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\106D
[2009/07/19 02:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/09/27 16:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/07/19 12:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/03/05 07:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gEdIlOg17600
[2010/01/07 19:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2010/04/13 17:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/05/26 10:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/01/07 15:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2012/02/03 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/10 20:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/06/12 15:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 12:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/26 13:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/03 18:46:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}
[2010/01/07 19:12:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}
[2010/12/09 01:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\.minecraft
[2009/09/27 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\acccore
[2009/10/06 21:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\BearShareTb
[2010/10/13 07:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Dukoap
[2010/10/10 22:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Imco
[2011/02/27 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Immunet
[2009/07/19 02:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\InterTrust
[2011/06/04 14:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\LimeWire
[2011/02/07 02:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Search Settings
[2010/01/07 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Stardock
[2009/07/18 22:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Styler
[2011/03/22 23:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\The Creative Assembly
[2011/07/02 00:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\TS3Client
[2010/01/07 18:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\WildTangent
[2011/02/07 02:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\YouTube Downloader
[2012/01/29 18:14:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


#32 SweetTech

Posted 04 February 2012 - 08:58 AM

Hi!

Are you experiencing any outstanding issues with your computer?

Do you recognize these files?

[2012/02/01 19:22:05 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-MS0SB.exe
[2012/02/01 19:22:05 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-MS0SB.msg
[2012/02/01 19:22:05 | 000,000,479 | ---- | C] () -- C:\WINDOWS\is-MS0SB.lst

Please download ZipIt from here:
Download Link
  • Double-click ZipIt! to run it. (Windows Vista & 7 users need to right click and Run as Administrator)
  • Then copy the content of the following codebox into the textfield:

    ::info::
    ::bleeping::102
    C:\WINDOWS\is-MS0SB.exe
    C:\WINDOWS\is-MS0SB.msg
    C:\WINDOWS\is-MS0SB.lst
    


  • Then, just click the Zip button.
  • When finished, and if successful, it should automatically submit a file for me, so that it may be analyzed further. You should also see that a new .zip file has been created on your Desktop. You will be notified of what the file name is when the process has been completed.



NEXT:


OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    [2011/06/04 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\106D
    [2011/03/05 07:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gEdIlOg17600
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\gEdIlOg17600
    dir /s /a "C:\Documents and Settings\All Users\Application Data\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}" /c
    dir /s /a "C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#33 Dont Shoot Me

Posted 04 February 2012 - 11:08 AM

When I ran ZipIt I received three error messages saying that all three files did not exist. Also, I did not notice that the fix you wanted me to run killed all running processes before I ran it. Every time I run a program that tries to close out of my running processes I receive an error message stating that mbamservice.exe was terminated unexpectedly and then my computer freezes. The only way I have been able to even prevent this process from starting is by booting up in safe mode or running a diagnostic startup. I didn't do either of those when I ran OTL (but I did disable Malwarebytes) so I received that error message and my computer froze again. OTL displayed that it only got to the "KILLALLPROCESSES" stage so I booted up in safe mode and ran the fix again. This time OTL got to the [CreateRestorePoint] stage and then stopped. I let it sit for an hour and it didn't change so I rebooted. I checked for a log in the location you mentioned and there was a file with the date and time I ran OTL, but inside of the file there was no log. Instead it had my C_Documents and Settings and C_WINDOWS files in it which then contained even more files.

C_Documents and Settings -> All Users -> Application Data -> 106D & gEdIlOg17600 -> a shockwave flash object file & an unrecognized file titled gEdIlOg17600.

C_WINDOWS -> System32 -> drivers -> etc -> an unrecognized file titled "Hosts"

I'm not sure what I should do next.

My computer has been and still is running completely normally. I am not having any problems with it.

This post has been edited by Dont Shoot Me: 04 February 2012 - 11:10 AM


#34 SweetTech

Posted 05 February 2012 - 05:26 AM

Hi!

I apologize for that!

Please try running this script for me:

OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    :OTL
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    [2011/06/04 14:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\106D
    [2011/03/05 07:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gEdIlOg17600
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\gEdIlOg17600
    dir /s /a "C:\Documents and Settings\All Users\Application Data\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}" /c
    dir /s /a "C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}" /c
    :Commands
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


#35 Dont Shoot Me

Posted 05 February 2012 - 06:31 AM

Ok that worked, here is the log:

Quote

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Folder C:\Documents and Settings\All Users\Application Data\106D\ not found.
Folder C:\Documents and Settings\All Users\Application Data\gEdIlOg17600\ not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\gEdIlOg17600 not found.
< dir /s /a "C:\Documents and Settings\All Users\Application Data\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}" /c >
Volume in drive C has no label.
Volume Serial Number is 2475-8B66
Directory of C:\Documents and Settings\All Users\Application Data\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}
08/03/2010 06:46 PM <DIR> .
08/03/2010 06:46 PM <DIR> ..
08/03/2010 06:46 PM 104 instance.dat
06/18/2009 03:46 PM 580,488 mia.lib
08/03/2010 06:46 PM 252 setup.dat
06/18/2009 03:46 PM 2,975,432 setup.exe
08/03/2010 06:46 PM 0 setup.lnk
06/18/2009 03:46 PM 412,672 setup.msi
08/03/2010 06:46 PM 2,180 setup.par
06/18/2009 03:44 PM 3,747,853 setup.res
8 File(s) 7,718,981 bytes
Total Files Listed:
8 File(s) 7,718,981 bytes
2 Dir(s) 356,990,566,400 bytes free
C:\Documents and Settings\Brett\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brett\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}" /c >
Volume in drive C has no label.
Volume Serial Number is 2475-8B66
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
01/07/2010 07:12 PM 234 Impulse_setup.dat
12/09/2009 12:52 PM 3,143,528 Impulse_setup.exe
01/07/2010 07:12 PM 0 Impulse_setup.lnk
12/09/2009 12:52 PM 338,432 Impulse_setup.msi
01/07/2010 07:12 PM 1,552 Impulse_setup.par
12/09/2009 12:52 PM 5,592,928 Impulse_setup.res
01/07/2010 07:12 PM 89 instance.dat
12/09/2009 12:52 PM 575,060 mia.lib
01/07/2010 07:12 PM <DIR> OFFLINE
06/09/2009 07:34 AM 310,554 setup.bmp
01/07/2010 07:12 PM 0 {EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}
10 File(s) 9,962,377 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
01/07/2010 07:11 PM <DIR> 86D01CB6
01/07/2010 07:12 PM <DIR> 8EC17391
01/07/2010 07:12 PM 0 {E729B920-82B7-4745-BB91-ADFAE44EF2DC}
1 File(s) 0 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
01/07/2010 07:11 PM <DIR> 12FD35EB
01/07/2010 07:11 PM <DIR> 1A799BB5
01/07/2010 07:11 PM <DIR> 35301089
01/07/2010 07:11 PM <DIR> 37EF46F7
01/07/2010 07:11 PM <DIR> 4328B2B6
01/07/2010 07:11 PM <DIR> 56C68191
01/07/2010 07:11 PM <DIR> 597810BF
01/07/2010 07:11 PM <DIR> 6716005D
01/07/2010 07:11 PM <DIR> 757C30BC
01/07/2010 07:11 PM <DIR> 7A63466D
01/07/2010 07:11 PM <DIR> 8F9D7312
01/07/2010 07:11 PM <DIR> 951C8FD
01/07/2010 07:11 PM <DIR> 95E3D25
01/07/2010 07:11 PM <DIR> 96100A2F
01/07/2010 07:11 PM <DIR> A6C95F7B
01/07/2010 07:11 PM <DIR> AB831120
01/07/2010 07:11 PM <DIR> BF328E53
01/07/2010 07:12 PM <DIR> C086A0A8
01/07/2010 07:12 PM <DIR> CAA2A27A
01/07/2010 07:12 PM <DIR> CC5EF7B2
01/07/2010 07:12 PM <DIR> D7059F8B
01/07/2010 07:12 PM <DIR> FD82B7DE
01/07/2010 07:12 PM <DIR> FF574A29
0 File(s) 0 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\12FD35EB
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
12/02/2009 09:27 AM 1,119,536 impulse.dll
09/08/2009 10:28 AM 17,209 impulse.uis
09/08/2009 10:28 AM 8,545 Impulse_Login.uis
09/08/2009 10:28 AM 13,619 SDC2.uis
09/09/2009 09:35 AM 46,575 skin.xml
5 File(s) 1,205,484 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\1A799BB5
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 4,065 orb2D.png
09/08/2009 10:28 AM 4,091 orb2M.png
09/08/2009 10:28 AM 3,995 orb2P.png
3 File(s) 12,151 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\35301089
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 5,708 orbD.png
09/08/2009 10:28 AM 5,639 orbO.png
09/08/2009 10:28 AM 5,457 orbP.png
3 File(s) 16,804 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\37EF46F7
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 3,690 orbD.png
09/08/2009 10:28 AM 3,787 orbO.png
09/08/2009 10:28 AM 3,696 orbP.png
3 File(s) 11,173 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\4328B2B6
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 58,279 Achievements.png
09/08/2009 10:28 AM 946 ATI.png
09/08/2009 10:28 AM 8,981 Chat.png
09/08/2009 10:28 AM 11,071 Community.png
09/08/2009 10:28 AM 10,417 Drivers.png
09/08/2009 10:28 AM 39,193 Forums.png
09/08/2009 10:28 AM 9,674 Friends.png
09/08/2009 10:28 AM 8,200 Games.png
09/08/2009 10:28 AM 7,569 MyImpulse.png
09/08/2009 10:28 AM 10,031 News.png
09/08/2009 10:28 AM 3,208 nVidia.png
09/08/2009 10:28 AM 48,397 Rankings.png
12 File(s) 215,966 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\56C68191
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 5,708 orbD.png
09/08/2009 10:28 AM 5,639 orbO.png
09/08/2009 10:28 AM 5,457 orbP.png
3 File(s) 16,804 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\597810BF
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
06/09/2009 07:35 AM 616,696 7z.dll
12/02/2009 09:26 AM 523,120 7za.exe
06/09/2009 07:35 AM 18,724 7zip_license.txt
12/02/2009 09:26 AM 134,000 7zxr.dll
12/02/2009 09:26 AM 420,720 Activate.exe
12/02/2009 09:26 AM 38,256 CleanImpulse.exe
12/02/2009 09:26 AM 1,013,104 Console.dll
12/02/2009 09:26 AM 16,240 DeElevator.dll
12/02/2009 09:26 AM 15,216 DeElevator64.dll
06/09/2009 07:35 AM 220 directskin.txt
06/09/2009 07:35 AM 4,519 eula.txt
12/02/2009 09:26 AM 218,480 ICSharpCode.SharpZipLib.dll
10/26/2009 02:08 PM 456,529 ICSharpCode.SharpZipLib.xml
06/09/2009 07:35 AM 1,868 ILDasm.lnk
12/02/2009 09:26 AM 2,188,656 Impulse.exe
10/27/2009 08:45 AM 4,000 Impulse.exe.config
12/02/2009 09:26 AM 763,248 ImpulseMini.exe
12/02/2009 09:26 AM 570,736 ImpulseSelfRefresh.exe
06/09/2009 07:35 AM 151 ImpulseSelfRefresh.exe.config
12/02/2009 09:26 AM 54,640 Interop.IWshRuntimeLibrary.dll
12/02/2009 09:26 AM 111,984 MyDock.Util.dll
12/02/2009 09:26 AM 456,048 MyDockClose.exe
12/02/2009 09:26 AM 271,728 MyDockLib.dll
12/09/2009 12:29 PM 1,032 readme.txt
12/02/2009 09:26 AM 54,640 Sd.Central.Archive.dll
12/02/2009 09:26 AM 124,272 Sd.Central.Archive.XmlSerializers.dll
12/02/2009 09:26 AM 275,824 sd.central.cvp.server.dll
12/02/2009 09:26 AM 2,225,520 sd.central.cvp.server.XmlSerializers.dll
12/02/2009 09:26 AM 402,800 Sd.Common.dll
12/02/2009 09:26 AM 234,864 Sd.Common.XmlSerializers.dll
12/02/2009 09:26 AM 79,216 Sd.dll
12/02/2009 09:26 AM 111,984 Sd.InstallManager.dll
12/02/2009 09:26 AM 87,408 Sd.InstallManager.XmlSerializers.dll
12/02/2009 09:26 AM 230,768 Sd.Irc.dll
06/09/2009 07:35 AM 3,514 Sd.Irc.xml
12/02/2009 09:26 AM 75,120 Sd.UI.dll
06/09/2009 07:35 AM 2,436 Sd.UI.xml
12/02/2009 09:26 AM 42,352 Sd.Uninstall.dll
12/02/2009 09:26 AM 50,544 Sd.Uninstall.XmlSerializers.dll
12/02/2009 09:26 AM 144,752 Sd.Web.dll
06/09/2009 07:35 AM 5,156 Sd.xml
06/09/2009 07:35 AM 144,696 Sd.Zip.dll
12/02/2009 09:26 AM 34,160 Stardock.Central.Security.dll
12/02/2009 09:26 AM 21,360 StardockCentralDSkin.dll
12/02/2009 09:26 AM 738,672 UninstHelper.exe
12/02/2009 09:26 AM 161,136 VDialog.dll
12/02/2009 09:26 AM 107,888 VistaBridgeLibrary.dll
12/02/2009 09:26 AM 56,176 wbhelp2.dll
12/02/2009 09:26 AM 587,056 wbocx32.ocx
12/02/2009 09:26 AM 30,064 WBOCXLib.dll
50 File(s) 13,932,293 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\6716005D
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 2,856 bg_infobar.png
09/08/2009 10:28 AM 3,860 bg_navigation.png
09/08/2009 10:28 AM 3,031 bg_search.png
09/08/2009 10:28 AM 2,892 bg_tabsbar.png
09/08/2009 10:28 AM 3,319 bg_tabsbar2.png
09/08/2009 10:28 AM 252 bg_tabsbarMargin.xml
09/08/2009 10:28 AM 2,927 bg_url.png
09/08/2009 10:28 AM 2,852 btn_ascending_D.png
09/08/2009 10:28 AM 2,831 btn_ascending_M.png
09/08/2009 10:28 AM 2,831 btn_ascending_P.png
09/08/2009 10:28 AM 2,978 btn_close_small.png
09/08/2009 10:28 AM 2,850 btn_descending_D.png
09/08/2009 10:28 AM 2,835 btn_descending_M.png
09/08/2009 10:28 AM 2,835 btn_descending_P.png
09/08/2009 10:28 AM 2,905 btn_home_D.png
09/08/2009 10:28 AM 2,891 btn_home_M.png
09/08/2009 10:28 AM 2,910 btn_home_P.png
09/08/2009 10:28 AM 4,236 btn_navigationleft_D.png
09/08/2009 10:28 AM 4,189 btn_navigationleft_M.png
09/08/2009 10:28 AM 4,176 btn_navigationleft_P.png
09/08/2009 10:28 AM 3,717 btn_navigationleft_S.png
09/08/2009 10:28 AM 4,235 btn_navigationright_D.png
09/08/2009 10:28 AM 4,175 btn_navigationright_M.png
09/08/2009 10:28 AM 4,184 btn_navigationright_P.png
09/08/2009 10:28 AM 3,691 btn_navigationright_S.png
09/08/2009 10:28 AM 2,981 btn_normal_D.png
09/08/2009 10:28 AM 2,998 btn_normal_M.png
09/08/2009 10:28 AM 3,039 btn_normal_P.png
09/08/2009 10:28 AM 2,974 btn_normal_S.png
09/08/2009 10:28 AM 3,465 btn_refresh_D.png
09/08/2009 10:28 AM 3,899 btn_refresh_M.png
09/08/2009 10:28 AM 3,909 btn_refresh_P.png
09/08/2009 10:28 AM 3,465 btn_reload_D.png
09/08/2009 10:28 AM 3,830 btn_reload_M.png
09/08/2009 10:28 AM 3,833 btn_reload_P.png
09/08/2009 10:28 AM 2,996 btn_search_D.png
09/08/2009 10:28 AM 3,004 btn_search_M.png
09/08/2009 10:28 AM 3,008 btn_search_P.png
09/08/2009 10:28 AM 2,823 btn_selection2_D.png
09/08/2009 10:28 AM 2,981 btn_selection2_M.png
09/08/2009 10:28 AM 2,998 btn_selection2_S.png
09/08/2009 10:28 AM 252 btn_selectionMargin.xml
09/08/2009 10:28 AM 2,844 btn_selection_D.png
09/08/2009 10:28 AM 2,991 btn_selection_M.png
09/08/2009 10:28 AM 3,020 btn_selection_S.png
09/08/2009 10:28 AM 4,065 btn_specialtabs_D.png
09/08/2009 10:28 AM 4,091 btn_specialtabs_M.png
09/08/2009 10:28 AM 3,995 btn_specialtabs_P.png
09/08/2009 10:28 AM 3,190 btn_specialtabs_plain_D.png
09/08/2009 10:28 AM 3,180 btn_specialtabs_plain_M.png
09/08/2009 10:28 AM 3,181 btn_specialtabs_plain_P.png
09/08/2009 10:28 AM 3,183 btn_stop_D.png
09/08/2009 10:28 AM 3,661 btn_stop_M.png
09/08/2009 10:28 AM 3,681 btn_stop_P.png
09/08/2009 10:28 AM 252 btn_style1Margin.xml
09/08/2009 10:28 AM 3,046 btn_style1_M.png
09/08/2009 10:28 AM 3,010 btn_style1_P.png
09/08/2009 10:28 AM 3,039 btn_style1_S.png
09/08/2009 10:28 AM 3,046 btn_style2.png
09/08/2009 10:28 AM 252 btn_style2Margin.xml
09/08/2009 10:28 AM 3,039 btn_style2_M.png
09/08/2009 10:28 AM 3,010 btn_style2_P.png
09/08/2009 10:28 AM 253 btn_tabsMargin.xml
09/08/2009 10:28 AM 3,198 btn_tabs_M.png
09/08/2009 10:28 AM 3,131 btn_tabs_P.png
09/08/2009 10:28 AM 3,181 btn_tabs_S!.png
09/08/2009 10:28 AM 3,163 btn_tabs_S.png
09/08/2009 10:28 AM 3,163 btn_tabs_S2.png
09/08/2009 10:28 AM 2,981 CommunityBottomPane.png
09/08/2009 10:28 AM 4,182 DetailsViewHeader.png
09/08/2009 10:28 AM 2,819 DetailsViewHeaderThin.png
09/08/2009 10:28 AM 2,834 downarrow_white.png
09/08/2009 10:28 AM 3,859 frames_bottom.png
09/08/2009 10:28 AM 3,065 frames_left.png
09/08/2009 10:28 AM 3,062 frames_right.png
09/08/2009 10:28 AM 4,374 frames_top.png
09/08/2009 10:28 AM 3,630 ico_addfriend.png
09/08/2009 10:28 AM 3,023 ico_cart.png
09/08/2009 10:28 AM 2,998 ico_catalogue.png
09/08/2009 10:28 AM 3,788 ico_friends.png
09/08/2009 10:28 AM 3,920 ico_impulse.png
09/08/2009 10:28 AM 3,487 ico_list.png
09/08/2009 10:28 AM 3,764 ico_messages.png
09/08/2009 10:28 AM 4,104 ico_players.png
09/08/2009 10:28 AM 4,013 ico_settings.png
09/08/2009 10:28 AM 2,854 MoreDownArrow.png
09/08/2009 10:28 AM 2,967 nav_back.png
09/08/2009 10:28 AM 406 README.txt
09/08/2009 10:28 AM 2,841 scrollback_horizontal.png
09/08/2009 10:28 AM 2,836 scrollback_vertical.png
09/08/2009 10:28 AM 4,637 ScrollBarArrows.png
09/08/2009 10:28 AM 3,055 ScrollBarArrows_glyph.png
09/08/2009 10:28 AM 3,630 scrollbar_horizontal.png
09/08/2009 10:28 AM 3,564 scrollbar_vertical.png
09/08/2009 10:28 AM 3,095 shadow_horizontal_D.png
09/08/2009 10:28 AM 3,187 shadow_horizontal_M.png
09/08/2009 10:28 AM 3,166 shadow_vertical_D.png
09/08/2009 10:28 AM 3,255 shadow_vertical_M.png
09/08/2009 10:28 AM 3,183 star_off.png
09/08/2009 10:28 AM 3,216 star_on.png
09/08/2009 10:28 AM 3,365 status_away.png
09/08/2009 10:28 AM 3,282 status_away_small.png
09/08/2009 10:28 AM 3,501 status_dnd.png
09/08/2009 10:28 AM 3,353 status_dnd_small.png
09/08/2009 10:28 AM 3,070 status_glass.png
09/08/2009 10:28 AM 2,897 status_glass_small.png
09/08/2009 10:28 AM 3,430 status_ingame.png
09/08/2009 10:28 AM 3,319 status_ingame_small.png
09/08/2009 10:28 AM 3,470 status_offline.png
09/08/2009 10:28 AM 3,336 status_offline_small.png
09/08/2009 10:28 AM 3,442 status_online.png
09/08/2009 10:28 AM 3,366 status_online_small.png
09/08/2009 10:28 AM 2,978 tilebar_chrome.png
09/08/2009 10:28 AM 255 tilebar_chromeMargin.xml
09/08/2009 10:28 AM 2,876 TreeViewNode.png
115 File(s) 360,513 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\757C30BC
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 26,296 about.png
09/08/2009 10:28 AM 1,406 icon_update.ico
09/08/2009 10:28 AM 15,978 impulselogo.png
12/09/2009 08:31 AM 468,272 ImpulseNow.exe
09/08/2009 10:28 AM 1,433,856 ImpulseReactor.dll
12/09/2009 08:31 AM 30,000 SDSecurity.dll
09/08/2009 10:28 AM 358 separator.png
09/08/2009 10:28 AM 4,805 user_pic.png
8 File(s) 1,980,971 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\7A63466D
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
12/02/2009 09:26 AM 9,072 Sd.Irc.resources.dll
1 File(s) 9,072 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\8F9D7312
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 511,292 segoeui.ttf
09/08/2009 10:28 AM 491,860 segoeuib.ttf
09/08/2009 10:28 AM 379,716 segoeuii.ttf
09/08/2009 10:28 AM 392,028 segoeuiz.ttf
4 File(s) 1,774,896 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\951C8FD
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 1,225 impulse.css
09/08/2009 10:28 AM 1,225 sins.css
09/08/2009 10:28 AM 1,225 skin.css
09/08/2009 10:28 AM 1,381 skin.xml
09/08/2009 10:28 AM 209 status.bg.png
09/08/2009 10:28 AM 256 topic.bg.png
6 File(s) 5,521 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\95E3D25
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 2,944 skin.css
09/08/2009 10:28 AM 2,757 skin.xml
09/08/2009 10:28 AM 204 status.bg.png
09/08/2009 10:28 AM 204 topic.bg.png
4 File(s) 6,109 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\96100A2F
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 2,800 ContentSeparator.png
1 File(s) 2,800 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\A6C95F7B
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 1,641 AchievementsRankingsPanel.png
09/08/2009 10:28 AM 3,617 DefaultAchievement.png
09/08/2009 10:28 AM 12,586 DefaultAvatar.png
09/08/2009 10:28 AM 197 EvenStatsRowCell.png
09/08/2009 10:28 AM 2,922 GamesColumn1.png
09/08/2009 10:28 AM 2,879 GamesColumn2.png
09/08/2009 10:28 AM 2,873 GamesColumn3.png
09/08/2009 10:28 AM 2,921 GamesColumnFull.png
09/08/2009 10:28 AM 2,953 GamesHeader.png
09/08/2009 10:28 AM 2,837 GamesListViewD1.png
09/08/2009 10:28 AM 2,838 GamesListViewD2.png
09/08/2009 10:28 AM 3,157 GamesListViewS1.png
09/08/2009 10:28 AM 2,924 GamesListViewS2.png
09/08/2009 10:28 AM 3,102 GamesListViewS3.png
09/08/2009 10:28 AM 3,273 GamesPassword.png
09/08/2009 10:28 AM 184 OddStatsRowCell.png
16 File(s) 50,904 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\AB831120
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
06/09/2009 07:35 AM 176 InternetUnavailable.html
1 File(s) 176 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\BF328E53
01/07/2010 07:11 PM <DIR> .
01/07/2010 07:11 PM <DIR> ..
09/08/2009 10:28 AM 5,538 BaseCategories.xml
1 File(s) 5,538 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\C086A0A8
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
09/08/2009 10:28 AM 2,841 arrows.png
09/08/2009 10:28 AM 4,208 Back.png
09/08/2009 10:28 AM 2,986 CommunityBottomPane.png
09/08/2009 10:28 AM 3,064 CommunityButtonOver.png
09/08/2009 10:28 AM 3,076 CommunityButtonSelected.png
09/08/2009 10:28 AM 2,836 ContentHeader.png
09/08/2009 10:28 AM 4,229 ContentPanel.png
09/08/2009 10:28 AM 2,921 ContentPanel2_Left.png
09/08/2009 10:28 AM 2,923 ContentPanel2_Right.png
09/08/2009 10:28 AM 3,236 DetailsPanelPrimaryD.png
09/08/2009 10:28 AM 3,230 DetailsPanelPrimaryM.png
09/08/2009 10:28 AM 3,209 DetailsPanelPrimaryP.png
09/08/2009 10:28 AM 3,207 DetailsPanelPrimarySD.png
09/08/2009 10:28 AM 3,040 DetailsPanelSecondaryD.png
09/08/2009 10:28 AM 3,184 DetailsPanelSecondaryM.png
09/08/2009 10:28 AM 3,183 DetailsPanelSecondaryP.png
09/08/2009 10:28 AM 3,030 DetailsPanelSecondarySD.png
09/08/2009 10:28 AM 191 DetailsViewHeader.png
09/08/2009 10:28 AM 4,321 Dialog_Login.png
09/08/2009 10:28 AM 3,621 dialog_SNLookup.png
09/08/2009 10:28 AM 3,423 DownloadManager.png
09/08/2009 10:28 AM 3,019 Dropdown.png
09/08/2009 10:28 AM 3,469 Help.png
09/08/2009 10:28 AM 3,633 ImportantButtonPrimaryD.png
09/08/2009 10:28 AM 3,648 ImportantButtonPrimaryM.png
09/08/2009 10:28 AM 3,633 ImportantButtonPrimaryP.png
09/08/2009 10:28 AM 40,638 Impulse_splash.png
09/08/2009 10:28 AM 577 InfoButtonPrimaryD.png
09/08/2009 10:28 AM 578 InfoButtonPrimaryM.png
09/08/2009 10:28 AM 3,887 InfoButtonPrimaryOldD.png
09/08/2009 10:28 AM 3,839 InfoButtonPrimaryOldM.png
09/08/2009 10:28 AM 3,884 InfoButtonPrimaryOldP.png
09/08/2009 10:28 AM 3,877 InfoButtonPrimaryOldSD.png
09/08/2009 10:28 AM 568 InfoButtonPrimaryP.png
09/08/2009 10:28 AM 571 InfoButtonPrimarySD.png
09/08/2009 10:28 AM 595 InfoButtonSecondaryD.png
09/08/2009 10:28 AM 707 InfoButtonSecondaryM.png
09/08/2009 10:28 AM 699 InfoButtonSecondaryP.png
09/08/2009 10:28 AM 587 InfoButtonSecondarySD.png
09/08/2009 10:28 AM 3,353 InternetConnected.png
09/08/2009 10:28 AM 2,963 InternetNotConnected.png
09/08/2009 10:28 AM 3,110 ListButton2M.png
09/08/2009 10:28 AM 3,177 ListButton2S.png
09/08/2009 10:28 AM 3,701 ListButtonM.png
09/08/2009 10:28 AM 3,293 ListButtonRecent2D.png
09/08/2009 10:28 AM 3,629 ListButtonRecent2M.png
09/08/2009 10:28 AM 3,664 ListButtonRecent2S.png
09/08/2009 10:28 AM 3,928 ListButtonRecentD.png
09/08/2009 10:28 AM 4,092 ListButtonRecentM.png
09/08/2009 10:28 AM 4,092 ListButtonRecentS.png
09/08/2009 10:28 AM 3,862 ListButtonS.png
09/08/2009 10:28 AM 56,489 Logo_Icon.png
09/08/2009 10:28 AM 3,203 menu_bg.png
09/08/2009 10:28 AM 3,019 menu_leftbg.png
09/08/2009 10:28 AM 3,012 menu_rightbg.png
09/08/2009 10:28 AM 14,687 menu_ss.png
09/08/2009 10:28 AM 3,104 MinimizeToDockButton.png
09/08/2009 10:28 AM 2,884 MoreDownArrow.png
09/08/2009 10:28 AM 3,571 NavBack.png
09/08/2009 10:28 AM 2,867 NavCloseGlassD.png
09/08/2009 10:28 AM 2,993 NavCloseGlassM.png
09/08/2009 10:28 AM 2,995 NavCloseGlassP.png
09/08/2009 10:28 AM 2,889 NavEntry.png
09/08/2009 10:28 AM 2,809 NavEntryB.png
09/08/2009 10:28 AM 3,049 NavEntryBack.png
09/08/2009 10:28 AM 3,031 NavHomeD.png
09/08/2009 10:28 AM 3,039 NavHomeM.png
09/08/2009 10:28 AM 3,030 NavHomeP.png
09/08/2009 10:28 AM 4,607 NavLD.png
09/08/2009 10:28 AM 4,504 NavLG.png
09/08/2009 10:28 AM 4,595 NavLM.png
09/08/2009 10:28 AM 4,611 NavLP.png
09/08/2009 10:28 AM 4,615 NavRD.png
09/08/2009 10:28 AM 4,551 NavRG.png
09/08/2009 10:28 AM 4,581 NavRM.png
09/08/2009 10:28 AM 4,618 NavRP.png
09/08/2009 10:28 AM 2,934 NavSearchGlassD.png
09/08/2009 10:28 AM 3,110 NavSearchGlassM.png
09/08/2009 10:28 AM 3,104 NavSearchGlassP.png
09/08/2009 10:28 AM 2,863 RatingBullet.png
09/08/2009 10:28 AM 2,888 RatingBulletDim.png
09/08/2009 10:28 AM 2,897 RatingBulletDimSm.png
09/08/2009 10:28 AM 2,868 RatingBulletSm.png
09/08/2009 10:28 AM 2,917 RatingStar.png
09/08/2009 10:28 AM 2,943 RatingStarDim.png
09/08/2009 10:28 AM 2,910 RatingStarDimSm.png
09/08/2009 10:28 AM 2,946 RatingStarLit.png
09/08/2009 10:28 AM 2,898 RatingStarSm.png
09/08/2009 10:28 AM 3,592 RegistrationsD.png
09/08/2009 10:28 AM 3,592 RegistrationsM.png
09/08/2009 10:28 AM 3,592 RegistrationsS.png
09/08/2009 10:28 AM 4,642 SDSWatermark.png
09/08/2009 10:28 AM 2,836 SortArrowDown.png
09/08/2009 10:28 AM 2,831 SortArrowUp.png
09/08/2009 10:28 AM 2,884 Status.png
09/08/2009 10:28 AM 2,879 StatusInDetailsView.png
09/08/2009 10:28 AM 2,890 StatusS.png
09/08/2009 10:28 AM 3,334 SubTabBar.png
09/08/2009 10:28 AM 3,098 SubTabBlackN.png
09/08/2009 10:28 AM 2,836 SubTabDownArrow.png
09/08/2009 10:28 AM 3,094 SubTabM.png
09/08/2009 10:28 AM 3,114 SubTabN.png
09/08/2009 10:28 AM 3,119 SubTabS.png
09/08/2009 10:28 AM 3,198 TabM.png
09/08/2009 10:28 AM 3,139 TabRedD.png
09/08/2009 10:28 AM 3,192 TabRedM.png
09/08/2009 10:28 AM 3,325 TabRedS.png
09/08/2009 10:28 AM 3,131 TabS.png
09/08/2009 10:28 AM 2,978 tilebar_chrome.png
09/08/2009 10:28 AM 3,210 tooltip_bg.png
09/08/2009 10:28 AM 3,945 Update.png
09/08/2009 10:28 AM 7,352 WebLoading.png
09/08/2009 10:28 AM 7,734 WebLoadingWhite.png
113 File(s) 465,400 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\CAA2A27A
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
09/08/2009 10:28 AM 6,006 orbD.png
09/08/2009 10:28 AM 5,699 orbO.png
09/08/2009 10:28 AM 5,876 orbP.png
3 File(s) 17,581 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\CC5EF7B2
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
09/08/2009 10:28 AM 2,818 orbD.png
09/08/2009 10:28 AM 2,798 orbO.png
09/08/2009 10:28 AM 2,816 orbP.png
3 File(s) 8,432 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\D7059F8B
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
09/08/2009 10:28 AM 99 #demigod.css
09/08/2009 10:28 AM 15,784 #demigod.png
09/08/2009 10:28 AM 97 #galciv.css
09/08/2009 10:28 AM 64,857 #galciv.png
09/08/2009 10:28 AM 14 #impulse.css
09/08/2009 10:28 AM 89 #pm.css
09/08/2009 10:28 AM 62,170 #pm.png
09/08/2009 10:28 AM 89 #polmachine.css
09/08/2009 10:28 AM 62,170 #polmachine.png
09/08/2009 10:28 AM 93 #sins.css
09/08/2009 10:28 AM 126,983 #sins.jpg
09/08/2009 10:28 AM 39,142 #sins.png
09/08/2009 10:28 AM 101 #stardock.css
09/08/2009 10:28 AM 24,798 #stardock.png
09/08/2009 10:28 AM 2,069 buffer.bg.png
09/08/2009 10:28 AM 366 channels.hilite.png
09/08/2009 10:28 AM 2,968 skin.css
09/08/2009 10:28 AM 2,696 skin.xml
09/08/2009 10:28 AM 213 status.bg.png
09/08/2009 10:28 AM 213 topic.bg.png
09/08/2009 10:28 AM 365 users.hilite.png
21 File(s) 405,376 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\FD82B7DE
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
09/08/2009 10:28 AM 7,486 orbD.png
09/08/2009 10:28 AM 6,563 orbO.png
09/08/2009 10:28 AM 7,274 orbP.png
3 File(s) 21,323 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\86D01CB6\FF574A29
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
09/08/2009 10:28 AM 78,784 buttons.tga
09/08/2009 10:28 AM 8,156 checkbox.tga
09/08/2009 10:28 AM 3,116 close.tga
09/08/2009 10:28 AM 49 eSpeed_skin.toolbarIcons
09/08/2009 10:28 AM 8,192 FrameBottom.bmp
09/08/2009 10:28 AM 6,196 FrameLeft.bmp
09/08/2009 10:28 AM 6,196 FrameRight.bmp
09/08/2009 10:28 AM 92,264 FrameTop.bmp
09/08/2009 10:28 AM 8,545 Impulse_Login.uis
09/08/2009 10:28 AM 8,120 sunkedge.bmp
10 File(s) 219,618 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\8EC17391
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
01/07/2010 07:12 PM <DIR> 2E363737
01/07/2010 07:12 PM <DIR> 5C919A8C
01/07/2010 07:12 PM <DIR> 95AD53A6
01/07/2010 07:12 PM <DIR> A1E6E998
01/07/2010 07:12 PM <DIR> CA456A30
0 File(s) 0 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\8EC17391\2E363737
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
08/14/2009 12:22 PM 72,620 impulse_main.xml
1 File(s) 72,620 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\8EC17391\5C919A8C
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
08/14/2009 12:22 PM 19,755 2kg.xml
08/17/2009 01:45 PM 25,251 activision.xml
07/22/2009 10:42 AM 5,283 alawar.xml
07/22/2009 10:42 AM 2,463 amd.xml
07/22/2009 10:42 AM 15,184 auran.xml
08/18/2009 12:55 PM 6,108 avg.xml
07/22/2009 10:42 AM 4,705 blitzgames.xml
07/22/2009 10:42 AM 20,071 capcom.xml
08/14/2009 12:22 PM 3,399 cdp.xml
07/22/2009 10:42 AM 7,642 cdv.xml
07/22/2009 10:42 AM 76,366 cinemaware.xml
07/22/2009 10:42 AM 4,930 clearcrown.xml
07/22/2009 10:42 AM 23,445 corel.xml
07/22/2009 10:42 AM 23,549 cypron.xml
07/22/2009 10:42 AM 5,292 d3p.xml
07/22/2009 10:42 AM 38,037 dreamcatch.xml
08/17/2009 07:46 AM 84,448 drengin.xml
07/22/2009 10:42 AM 6,269 ea.xml
07/22/2009 10:42 AM 41,500 enl.xml
07/22/2009 10:42 AM 30,665 epic.xml
08/14/2009 12:22 PM 9,151 freestuff.xml
08/18/2009 12:55 PM 47 futurem.xml
07/22/2009 10:42 AM 24,808 gamehouse.xml
07/22/2009 10:42 AM 7,097 gsoft.xml
07/22/2009 10:42 AM 18,004 hothead.xml
08/18/2009 12:54 PM 11,253 impulse.xml
08/14/2009 12:22 PM 262,251 indies.xml
07/22/2009 10:42 AM 8,226 iolo.xml
08/18/2009 12:55 PM 44 isv.xml
08/17/2009 07:46 AM 39,494 kalypso.xml
08/14/2009 12:22 PM 43,111 light.xml
07/22/2009 10:42 AM 202,935 meridian4.xml
07/22/2009 10:42 AM 29,936 merscom.xml
07/22/2009 10:42 AM 12,422 muzzylane.xml
08/14/2009 12:23 PM 465,031 mycolors.xml
08/18/2009 12:55 PM 44 myoffice.xml
08/18/2009 12:55 PM 25,786 networks.xml
07/22/2009 10:42 AM 18,308 nival.xml
08/14/2009 12:22 PM 162,533 odnt.xml
07/22/2009 11:00 AM 60,080 odntbasic.xml
08/14/2009 12:22 PM 71,726 paradox.xml
07/22/2009 10:42 AM 18,654 positech.xml
07/22/2009 10:42 AM 2,579 rlx.xml
07/22/2009 10:59 AM 10,276 sap.xml
11/18/2008 01:23 PM 1,710 sdcentral.xml
08/14/2009 12:22 PM 76,828 sds.xml
07/22/2009 10:42 AM 382 servers.xml
07/22/2009 10:42 AM 6,432 siber.xml
07/22/2009 10:42 AM 6,972 snowball.xml
07/22/2009 10:42 AM 59,136 stratfirst.xml
08/18/2009 12:55 PM 14,684 tdesk.xml
07/22/2009 10:42 AM 91,061 thq.xml
07/22/2009 10:42 AM 21,153 tiltedm.xml
07/22/2009 10:42 AM 65,493 topware.xml
07/22/2009 10:42 AM 6,777 trisynergy.xml
08/14/2009 12:22 PM 29,804 ubi.xml
07/29/2009 02:06 PM 17,651 viva.xml
07/22/2009 10:42 AM 12,767 wargaming.xml
08/14/2009 12:22 PM 3,561 wc.xml
59 File(s) 2,362,569 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\8EC17391\95AD53A6
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
08/18/2009 12:54 PM 113,600 impulse_images.xml
1 File(s) 113,600 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\8EC17391\A1E6E998
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
06/09/2009 07:34 AM 61 impulse_images.ini
06/09/2009 07:34 AM 61 impulse_logic.ini
12/09/2009 08:30 AM 59 impulse_main.ini
3 File(s) 181 bytes
Directory of C:\Documents and Settings\All Users\Application Data\{E729B920-82B7-4745-BB91-ADFAE44EF2DC}\OFFLINE\8EC17391\CA456A30
01/07/2010 07:12 PM <DIR> .
01/07/2010 07:12 PM <DIR> ..
07/22/2009 02:04 PM 10,746 t7sw.xml
1 File(s) 10,746 bytes
Total Files Listed:
465 File(s) 33,266,998 bytes
95 Dir(s) 356,990,504,960 bytes free
C:\Documents and Settings\Brett\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brett\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: All Users

User: Brett
->Flash cache emptied: 11624 bytes

User: Default User

User: Guest

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Brett
->Java cache emptied: 0 bytes

User: Default User

User: Guest

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02052012_053032


#36 SweetTech

  • Group: Malware Response Team

Posted 05 February 2012 - 07:02 AM

Hello,

Great! Glad to hear that worked!

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Commands
    [ClearAllRestorePoints]
    

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.



NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on CleanUp!
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates


  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.


  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
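
An added example, not part of SweetTech's post: a Python check of the Internet zone ActiveX settings from the "Make Internet Explorer more secure" steps, run over `reg query` output for the zone 3 key. The registry value names 1001, 1004 and 1201 and the embedded sample output are supplied here and are not taken from the thread; Disable is accepted wherever the post asks for Prompt.

```python
import re

# Internet zone (zone 3) URL actions, read from
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
# Each entry: value name -> (label in the Custom level dialog, setting the post asks for)
ACTIONS = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
SETTING = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of `reg query` output (not from the thread's logs).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x1
"""

LINE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")

def parse_zone(text):
    """Return {action id: integer setting} for every REG_DWORD action line."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(text):
    """List (action, label, actual, wanted) for settings weaker than the post asks for."""
    values = parse_zone(text)
    findings = []
    for action, (label, wanted) in ACTIONS.items():
        actual = values.get(action)
        if actual is None:
            # Absent from this key: the effective setting comes from elsewhere.
            findings.append((action, label, "not set", SETTING[wanted]))
        elif actual != wanted and actual != 3:  # 3 (Disable) is always strict enough
            findings.append((action, label, SETTING.get(actual, hex(actual)), SETTING[wanted]))
    return findings

if __name__ == "__main__":
    for action, label, actual, wanted in audit(SAMPLE):
        print(f"{action} {label}: {actual} (post recommends {wanted})")
```

A "not set" result only means the value is missing from the queried key, so the effective setting has to be confirmed in the Custom level dialog.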

#37 SweetTech

  • Group: Malware Response Team

Posted 10 February 2012 - 04:09 AM

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.

