
Help... Win32 .Patched-LF(Trj) and JS/FakeAlert.dldr.a...


  • This topic is locked
34 replies to this topic

#1 Lady_Avalon

Lady_Avalon

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:17 AM

Posted 24 October 2009 - 11:10 PM

Hello,

I have an Acer Laptop running Windows Vista Home Premium. It is a 32 bit operating system.

My problem started when I surfed onto a page where I received an alert from my Avast virus detector that a trojan (Win32 Patched-LF [Trj]) had been detected. Normally Avast would stop the connection to the page but for some reason it didn't. I moved the infected file to the Avast chest. Then I tried to close the page, which I was unable to do, and I could not even close the Firefox browser; then the laptop froze. On reboot I restarted the browser and of course Firefox automatically restored the pages I had up and I received the same alert, but this time I was able to close the page before it could freeze the laptop. After this I proceeded to do a thorough virus scan on the system.

I was in total shock at all the viruses that Avast let slip through. There were a total of 22 infected temp files in the Windows Temp folder and each was infected with a Malware Gen and JS/FakeAlert.dldr.a. I moved them to the Chest then deleted them. These temp files had names like abon.temp or robt.temp. When I opened the Windows Temp folder there were about 737 temp files like this.

Thinking that Avast no longer worked like it should, I tried several other virus detectors and cleared more viruses off the laptop. I even ran the Agent GUI Disinfect tool, which detected two other viruses. I then bought McAfee and installed it. So far it has not detected any viruses. I've run Spybot Search & Destroy and Ad-Aware, which detected only two cookie-related items.

I was pretty sure that I was virus and spyware free at this point and that all was well, but now my laptop lags so badly that it takes at least a full minute or two to pull up the security check if I try to run a program at admin level, and sometimes while I am waiting the laptop will reboot. Other times the laptop can be idle and will just all of a sudden reboot without any activity. I have done just about everything I know to do; I even tried several system restores, which did nothing. I would greatly appreciate any help you can offer.

I have run the HiJackThis and here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:19 PM, on 10/24/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6817 bytes
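As an added example (not from this thread, and not part of HijackThis itself), a small Python triage script that parses lines in the HijackThis log format posted above and flags the kinds of entries a helper looks at first: a process running from a Temp directory (as RtkBtMnt.exe is above), an autostart entry with no directory, a service with an unknown owner, and hosts-file overrides. The sample log is a constructed excerpt of the lines above, and the rule names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a short excerpt in the format of the HijackThis v2.0.2
# log posted above (same line layouts, only a handful of lines kept).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:19 PM, on 10/24/2009

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
--
End of file - 6817 bytes
"""

@dataclass
class Finding:
    rule: str       # short rule id (my own naming)
    evidence: str   # the log line that triggered the rule
    note: str       # what a helper would check next

@dataclass
class HjtLog:
    processes: list = field(default_factory=list)   # paths under "Running processes:"
    entries: list = field(default_factory=list)     # (code, body) pairs such as ("O4", "HKLM\\..\\Run: ...")

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# User %TEMP% (AppData\Local\Temp) or the system Windows\Temp directory
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
# An O4 command that is just a file name, with no directory component at all
BARE_NAME_RE = re.compile(r'^"?[^\\/"\s]+\.(?:exe|dll|com|scr)"?(?:\s|$)', re.IGNORECASE)

def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into the process list and the coded O/R entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                log.processes.append(line)
            else:
                in_processes = False    # blank line closes the process block
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append((m.group(1), m.group(2)))
    return log

def triage(text: str) -> list:
    """Apply a few defender-side heuristics and return the entries worth a closer look."""
    log = parse_hjt(text)
    findings = []
    for proc in log.processes:
        if TEMP_DIR_RE.search(proc):
            findings.append(Finding("process-in-temp", proc,
                "running from a Temp directory; identify the file and where it came from"))
    for code, body in log.entries:
        if code == "O4":
            # body looks like 'HKLM\..\Run: [Name] command args'
            _, _, cmd = body.partition(": ")
            cmd = re.sub(r"^\[[^\]]*\]\s*", "", cmd)   # drop the [Name] label
            if TEMP_DIR_RE.search(cmd):
                findings.append(Finding("run-entry-in-temp", body,
                    "autostart entry points into a Temp directory"))
            elif BARE_NAME_RE.match(cmd):
                findings.append(Finding("run-entry-no-path", body,
                    "autostart entry has no directory; confirm which file actually loads"))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("unknown-service-owner", body,
                "service binary carries no publisher information; verify vendor and signature"))
        elif code == "O1":
            # body looks like 'Hosts: <address> <hostname>'
            parts = body.split()
            if len(parts) >= 3 and parts[2].lower() != "localhost":
                findings.append(Finding("hosts-entry", body,
                    "hosts file overrides a name other than localhost"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.evidence}\n    -> {f.note}")
```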


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:17 AM

Posted 01 November 2009 - 03:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Lady_Avalon

Lady_Avalon
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:17 AM

Posted 01 November 2009 - 06:36 PM

Hello

Thank you for the quick reply. I have done as you asked and here is my situation.

I have an Acer Laptop running Windows Vista Home Premium. It is a 32 bit operating system.

My problem started when I surfed onto a page where I received an alert from my Avast virus detector that a trojan (Win32 Patched-LF [Trj]) had been detected along with several others, including JS/FakeAlert.dldr.a. The page looked as if it was running a scan of some kind on my laptop; it also looked as if it had pulled several folders out of my Documents folder. Normally Avast would stop the connection to the page but for some reason it didn't. I moved the infected file to the Avast chest. Then I tried to close the page, which I was unable to do, and I could not even close the Firefox browser; then the laptop froze, so I proceeded to do a hard boot by shutting down using the start button. On reboot I restarted the browser and of course Firefox automatically restored the pages I had up and I received the same alert along with the same infection. This time I was able to close the page before it could freeze the laptop. After this I proceeded to do a thorough virus scan on the system.

I was in total shock at all the viruses that Avast let slip through. There were a total of 22 infected temp files in the Windows Temp folder and each was infected with a Malware Gen. I moved them to the Chest then deleted them. These temp files had names like abon.temp or robt.temp. When I opened the main Windows Temp folder (not the user's Temp folder, "%temp%") there were about 737 temp files like this. During my scheduled TuneUp Utilities maintenance these files were deleted.

Thinking that Avast no longer worked like it should, I tried several other virus detectors and cleared more viruses off the laptop. I even ran the Agent GUI Disinfect tool, which detected two other viruses. I then bought McAfee and installed it. So far it has not detected any viruses. I've run Spybot Search & Destroy and Ad-Aware, which detected only two cookie-related items.

I was pretty sure that I was virus and spyware free at this point and that all was well, but now my laptop lags so badly that it takes at least a full minute or two to pull up the security check if I try to run a program at admin level, and sometimes while I am waiting the laptop will reboot. Other times the laptop can be idle and will just all of a sudden reboot without any activity.

I have found out that when I connect to the internet, for some reason my CPU usage will spike to where it runs at almost 100% continuously; this is usually when the rebooting happens, but when I'm not connected to the internet the CPU usage is normal, 1% to 20% depending on what I'm doing. I've used both a wireless connection and ethernet with the same results. I did a test, and if I can disconnect from the net quickly enough the CPU usage will slowly return to normal. I can stay connected for about 30 minutes, sometimes less. Did that make any sense? And if I'm connected and try Ctrl+Alt+Del to pull up Task Manager, I get an error that says "Failure: Security Option". This will happen 4 out of 5 tries. It doesn't make sense to me and I consider myself pretty computer knowledgeable.

Here are the OTL scan results:


OTL logfile created on: 11/1/2009 5:30:35 PM - Run 1
OTL by OldTimer - Version 3.1.2.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.68 Mb Total Physical Memory | 243.37 Mb Available Physical Memory | 31.78% Memory free
1.75 Gb Paging File | 1.10 Gb Available in Paging File | 62.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 55.59 Gb Free Space | 49.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TNL-LAPTOP
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/01 17:26:40 | 00,527,360 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2009/10/13 14:12:41 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
PRC - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/29 16:12:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/08/18 15:53:48 | 00,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Win32 Services (SafeList) ==========

SRV - File not found --
SRV - [2009/10/30 04:54:51 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SRV - [2009/10/13 14:12:46 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
SRV - [2009/10/13 14:12:41 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
SRV - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
SRV - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
SRV - [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
SRV - [2009/07/20 11:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
SRV - [2009/07/15 10:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2009/03/29 23:42:10 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SRV - [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
SRV - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
SRV - [2009/01/29 16:12:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
SRV - [2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll


========== Driver Services (SafeList) ==========

DRV - [2009/09/30 05:53:12 | 01,184,768 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
DRV - [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
DRV - [2009/08/05 21:48:42 | 00,054,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
DRV - [2009/07/16 11:32:26 | 00,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
DRV - [2009/06/17 11:56:32 | 00,028,560 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LUsbFilt.sys
DRV - [2009/06/17 11:56:16 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LMouFilt.Sys
DRV - [2009/06/17 11:56:06 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LHidFilt.Sys
DRV - [2009/06/16 17:14:18 | 02,375,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
DRV - [2009/01/29 16:12:00 | 07,544,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
DRV - [2008/08/01 18:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys
DRV - [2008/06/24 14:55:12 | 00,047,104 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
DRV - [2008/01/19 00:53:39 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
DRV - [2008/01/19 00:49:39 | 00,521,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xnacc.sys
DRV - [2007/08/28 16:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xusb21.sys
DRV - [2007/07/30 10:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
DRV - [2007/03/28 06:51:40 | 00,043,008 | ---- | M] (Winbond Electronics Corporation) -- C:\Windows\System32\drivers\winbondcir.sys
DRV - [2007/03/21 21:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys
DRV - [2003/10/31 02:08:12 | 00,027,519 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\RTL8150.SYS


========== Modules (SafeList) ==========

MOD - [2009/11/01 17:26:40 | 00,527,360 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/02/11 10:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://go.microsoft.com/fwlink/?LinkId=69157 [binary data]
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 95 F5 F0 42 59 CA 01 [binary data]
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\S-1-5-21-701379567-377844740-1610885016-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-701379567-377844740-1610885016-1000\S-1-5-21-701379567-377844740-1610885016-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://splashworks.4gigs.com|http://www.myway.com/index1.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.5.20090920
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..extensions.enabledItems: {069FB356-C69F-7349-D092-AB28AF836D0E}:0.9.028
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/23 14:46:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 07:53:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 07:53:23 | 00,000,000 | ---D | M]

[2009/08/24 04:37:46 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\moveplayer@movenetworks.com
[2009/09/18 15:36:13 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\gmailthis@lazyrussian.com
[2009/10/25 01:44:45 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\abhere2@moztw.org-trash
[2009/10/25 01:44:44 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\abhere2@moztw.org
[2009/08/14 12:44:51 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/04 15:07:54 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/25 21:20:29 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/24 18:32:25 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/11 19:44:56 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\{069FB356-C69F-7349-D092-AB28AF836D0E}
[2009/10/27 22:19:45 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2009/10/31 19:57:22 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\extensions
[2009/03/12 13:01:20 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\23d3wpo4.default\extensions\gmailthis@lazyrussian.com
[2009/03/12 12:02:51 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\23d3wpo4.default\extensions\abhere2@moztw.org
[2009/03/12 11:58:34 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\23d3wpo4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/12 12:54:22 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\23d3wpo4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/12 13:24:23 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\23d3wpo4.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2009/03/12 13:24:43 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\23d3wpo4.default\extensions
[2009/03/12 11:48:30 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/12 11:48:30 | 00,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2009/10/18 23:06:32 | 00,002,171 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\searchplugins\bing.xml
[2009/10/17 03:23:01 | 00,001,859 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djxjv0r0.default\searchplugins\searchgeek.xml
[2009/08/08 14:31:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/03/24 21:26:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/12 19:29:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/10/29 07:53:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/21 21:32:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 07:53:04 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 07:53:05 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/07/17 03:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 17:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/29 07:53:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/21 07:24:52 | 00,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/29 18:10:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/29 18:10:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/29 18:10:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/29 18:10:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/29 18:10:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/29 18:10:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/29 18:10:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/06/24 06:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/24 06:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (344090 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-701379567-377844740-1610885016-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-701379567-377844740-1610885016-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.76.227.40 208.180.42.68
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{61d83391-0e9b-11de-87b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{61d83391-0e9b-11de-87b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{ca73fa7e-0ea0-11de-8dbd-d36f9ea65d9d}\Shell\AutoRun - "" = Autorun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/01 17:26:37 | 00,527,360 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2009/11/01 05:05:33 | 00,000,000 | ---D | C] -- C:\Users\user\Desktop\HJT Info
[2009/10/31 20:45:26 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\My Corel Shows
[2009/10/31 20:45:23 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Corel
[2009/10/31 20:31:27 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\My PSP Files
[2009/10/31 20:31:27 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Corel
[2009/10/31 20:26:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009/10/31 20:26:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Corel
[2009/10/31 20:26:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2009/10/31 20:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\Corel
[2009/10/31 20:21:28 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\InstallShield
[2009/10/31 02:39:54 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\A03 - Sims Projects
[2009/10/30 04:56:00 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/27 22:33:25 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Okeanos
[2009/10/27 22:30:34 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Sims 3 Package Explorer
[2009/10/27 19:00:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/27 18:57:41 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/10/27 18:57:34 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/10/27 18:57:33 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/10/27 18:56:14 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/10/27 18:56:13 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/10/27 18:56:06 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/10/27 18:56:05 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/27 18:55:58 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/10/27 18:55:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/10/27 18:55:56 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/10/27 18:55:56 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/10/27 18:55:55 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/10/27 18:55:55 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/10/27 18:55:55 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/10/27 18:55:55 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/10/27 18:55:55 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/10/27 18:55:55 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/10/27 18:55:54 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/10/27 18:55:54 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/10/27 18:55:54 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/10/27 18:55:53 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/10/27 18:55:53 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/10/27 18:55:53 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/10/27 18:55:53 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/10/27 18:55:53 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/10/27 18:55:52 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/10/27 18:55:52 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/10/27 18:55:52 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/10/27 18:55:52 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/10/27 18:55:52 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/10/27 18:55:00 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/10/27 18:54:59 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/10/27 18:54:59 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/10/27 18:54:40 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/10/27 18:54:23 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/10/27 18:54:22 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/10/27 18:54:22 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/10/27 18:54:22 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/10/27 18:54:22 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/10/27 18:54:22 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/10/27 18:54:22 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/10/27 18:54:21 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/10/27 18:51:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/27 18:51:51 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/27 18:51:51 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/27 18:31:36 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/27 18:31:29 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/27 18:31:21 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/23 20:02:39 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Logitech
[2009/10/23 20:01:53 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Leadertech
[2009/10/23 20:01:25 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/10/23 19:59:05 | 00,301,656 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\BtCoreIf.dll
[2009/10/23 19:58:56 | 00,170,512 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\kemutb.dll
[2009/10/23 19:58:56 | 00,145,936 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemUtil.dll
[2009/10/23 19:58:56 | 00,117,264 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemWnd.dll
[2009/10/23 19:58:56 | 00,084,496 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemXML.dll
[2009/10/23 19:58:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2009/10/23 19:58:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2009/10/23 19:58:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2009/10/23 19:50:06 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/10/23 19:25:44 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/10/23 17:02:55 | 01,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2009/10/23 17:02:54 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2009/10/23 17:02:54 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2009/10/23 17:02:53 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2009/10/23 17:02:53 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2009/10/23 17:02:52 | 00,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/10/23 17:02:51 | 02,375,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/10/23 17:02:50 | 01,168,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/10/23 17:02:50 | 00,048,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2009/10/23 17:02:49 | 00,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/10/23 17:02:46 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2009/10/23 17:02:46 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2009/10/23 17:02:45 | 01,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2009/10/23 17:02:45 | 00,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2009/10/23 17:02:45 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2009/10/23 17:02:44 | 00,159,232 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2009/10/23 17:02:44 | 00,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2009/10/23 17:02:44 | 00,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2009/10/23 02:21:27 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ApplicationHistory
[2009/10/23 02:17:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009/10/23 01:09:07 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/10/23 01:09:06 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/10/23 01:05:36 | 02,899,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/10/22 22:51:31 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\My Drivers
[2009/10/22 18:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\MilkShape 3D 1.8.5
[2009/10/22 01:14:21 | 00,037,376 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2009/10/21 22:52:26 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2009/10/21 13:16:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/21 13:16:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/10/21 13:11:59 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/10/21 13:11:59 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/10/21 13:11:59 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/10/21 13:11:53 | 00,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/10/21 13:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/21 13:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/10/21 13:11:14 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/21 13:03:33 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/10/21 12:34:42 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/21 12:34:42 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/21 02:40:25 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\MilkShape 3D 1.x.x
[2009/10/20 23:50:26 | 00,047,104 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2009/10/20 23:08:34 | 00,043,008 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2009/10/20 00:03:06 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Sophos
[2009/10/19 23:24:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2009/10/19 23:24:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2009/10/19 22:12:53 | 02,988,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwssr.dll
[2009/10/19 22:12:53 | 00,221,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\oemdspif.dll
[2009/10/19 22:12:52 | 02,697,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll
[2009/10/19 22:12:50 | 02,503,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2009/10/19 22:12:49 | 04,155,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvsr.dll
[2009/10/19 22:12:47 | 03,770,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll
[2009/10/19 22:12:46 | 00,929,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2009/10/19 22:12:46 | 00,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2009/10/19 22:12:45 | 09,019,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2009/10/19 22:12:41 | 02,861,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmoblsr.dll
[2009/10/19 22:12:40 | 01,255,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll
[2009/10/19 22:12:36 | 00,465,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccssr.dll
[2009/10/19 22:12:36 | 00,236,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccs.dll
[2009/10/19 22:12:36 | 00,195,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll
[2009/10/19 22:12:36 | 00,045,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccsrs.dll
[2009/10/19 22:12:35 | 07,544,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2009/10/19 22:12:33 | 03,463,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgamesr.dll
[2009/10/19 22:12:33 | 00,096,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll
[2009/10/19 22:12:32 | 03,451,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll
[2009/10/19 22:12:23 | 05,806,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispsr.dll
[2009/10/19 22:12:21 | 04,000,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll
[2009/10/19 22:12:18 | 01,470,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2009/10/19 22:12:09 | 13,605,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2009/10/19 22:12:05 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcolor.exe
[2009/10/19 22:12:05 | 00,135,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod138.dll
[2009/10/19 22:12:05 | 00,135,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2009/10/19 22:00:12 | 00,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2009/10/19 22:00:12 | 00,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2009/10/19 19:02:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2009/10/19 19:02:17 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Innovative Solutions
[2009/10/19 19:02:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2009/10/19 16:12:56 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\RadarSync
[2009/10/19 00:19:15 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/10/19 00:19:15 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/10/19 00:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/10/18 22:45:23 | 00,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/10/18 22:17:27 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/18 22:05:45 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\CBS Interactive
[2009/10/18 14:39:45 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MigWiz
[2009/10/17 23:51:08 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/17 23:51:08 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PC Tools
[2009/10/17 23:51:08 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/10/17 23:51:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/17 21:53:41 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/16 03:14:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/14 02:59:24 | 00,087,656 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/10/14 02:59:18 | 00,097,208 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009/10/14 02:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools(11)
[2009/10/14 02:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/13 21:39:58 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\X01- Move to Box
[2009/10/13 21:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/13 20:42:19 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/10/13 20:39:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/13 20:39:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/13 20:38:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/13 20:38:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/10/13 20:38:39 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/13 14:12:45 | 00,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/10/13 14:12:43 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009/10/13 14:12:43 | 00,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup(492).dll
[2009/10/13 14:12:41 | 00,361,288 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/10/13 13:47:32 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009/10/13 13:41:39 | 00,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009/10/13 13:41:39 | 00,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu(458).dll
[2009/10/13 13:41:25 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2009/10/13 13:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/10/13 13:40:30 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009/10/13 13:40:30 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009/10/13 13:38:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/13 13:38:57 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/13 13:17:31 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Uniblue
[2009/10/13 12:32:09 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/13 12:31:43 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/13 12:31:42 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/13 12:30:35 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/13 12:30:30 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/13 12:30:28 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/13 12:30:28 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/13 12:30:27 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/13 12:30:25 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/13 12:30:25 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/13 12:30:24 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/13 12:30:23 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/13 12:30:22 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/13 12:30:21 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/13 12:30:20 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/13 12:30:20 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/13 12:30:20 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/13 12:30:19 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/13 12:30:19 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/13 12:30:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/13 12:30:18 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/13 12:30:18 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/13 12:30:18 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/13 12:30:09 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/13 12:29:59 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/13 12:29:52 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/10 14:47:56 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/10 14:47:56 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/10/10 14:47:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools(16)
[2009/10/09 13:36:07 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\IsolatedStorage
[2009/10/09 13:25:06 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Ibibi_HB
[2009/10/09 13:25:05 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TSRWorkshop
[2009/10/09 13:24:45 | 00,000,000 | ---D | C] -- C:\Program Files\The Sims Resource
[2009/10/09 13:22:02 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2009/10/09 13:22:02 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2009/10/09 13:22:01 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2009/10/09 13:22:00 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2009/10/09 13:22:00 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009/10/09 13:22:00 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2009/10/09 13:21:58 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll

========== Files - Modified Within 30 Days ==========

[2009/11/01 17:30:28 | 08,126,464 | ---- | M] () -- C:\Users\user\NTUSER.DAT
[2009/11/01 17:28:45 | 00,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/01 17:28:45 | 00,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/01 17:28:45 | 00,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/01 17:26:40 | 00,527,360 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2009/11/01 17:25:30 | 00,009,599 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/11/01 17:22:44 | 00,093,608 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/01 17:22:44 | 00,093,608 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/01 17:22:44 | 00,093,608 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/01 17:22:44 | 00,093,608 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/01 17:22:44 | 00,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/11/01 17:21:38 | 00,005,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 17:21:37 | 00,005,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 17:21:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/01 17:20:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/01 17:17:27 | 02,062,810 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2009/11/01 12:11:57 | 00,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/01 12:11:57 | 00,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/01 12:11:36 | 00,000,088 | RHS- | M] () -- C:\ProgramData\F3D215450D.sys
[2009/11/01 12:11:36 | 00,000,088 | RHS- | M] () -- C:\ProgramData\F3D215450D.sys
[2009/11/01 12:07:40 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{caf36ae4-c4dd-11de-bb6e-892af81621d9}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 12:07:40 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{caf36ae4-c4dd-11de-bb6e-892af81621d9}.TM.blf
[2009/10/30 04:55:51 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/30 04:48:55 | 00,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/29 22:25:58 | 13,081,6007 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/10/29 18:19:46 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{caf36ae4-c4dd-11de-bb6e-892af81621d9}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 18:13:35 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{1dfc028c-bdc4-11de-8e2d-001e680acb43}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 18:13:35 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{1dfc028c-bdc4-11de-8e2d-001e680acb43}.TM.blf
[2009/10/29 09:43:18 | 00,001,295 | ---- | M] () -- C:\Users\user\Desktop\s3rc - Shortcut.lnk
[2009/10/27 18:59:48 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/25 02:55:51 | 00,000,015 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/10/23 20:00:52 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2009/10/23 20:00:51 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/10/23 02:21:32 | 00,000,092 | ---- | M] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2009/10/23 01:07:46 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2009/10/22 18:55:22 | 00,001,904 | ---- | M] () -- C:\Users\Public\Desktop\TSR Workshop.lnk
[2009/10/22 18:33:11 | 00,000,852 | ---- | M] () -- C:\Users\user\Desktop\MilkShape 3D 1.8.5.lnk
[2009/10/21 13:37:58 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/21 13:16:09 | 00,000,811 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/21 13:15:17 | 00,000,806 | ---- | M] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[2009/10/20 20:49:32 | 00,000,104 | ---- | M] () -- C:\Users\user\Desktop\Recycle Bin - Shortcut.lnk
[2009/10/20 17:23:15 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{1dfc028c-bdc4-11de-8e2d-001e680acb43}.TMContainer00000000000000000002.regtrans-ms
[2009/10/20 17:10:34 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3862d670-b82a-11de-a1e4-001e680acb43}.TMContainer00000000000000000001.regtrans-ms
[2009/10/20 17:10:34 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3862d670-b82a-11de-a1e4-001e680acb43}.TM.blf
[2009/10/19 15:24:17 | 00,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/10/19 13:11:06 | 00,344,090 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/10/19 12:40:10 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/10/19 00:49:12 | 00,000,163 | ---- | M] () -- C:\Windows\win.ini
[2009/10/18 14:53:46 | 07,340,032 | -HS- | M] () -- C:\Users\user\ntuser.dat_previous
[2009/10/18 14:51:00 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/10/18 14:51:00 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/10/13 21:19:41 | 00,343,716 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091019-141105.backup
[2009/10/13 15:25:16 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3862d670-b82a-11de-a1e4-001e680acb43}.TMContainer00000000000000000002.regtrans-ms
[2009/10/13 14:12:46 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/10/13 14:12:41 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/10/08 18:12:09 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2009/10/08 16:08:01 | 00,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/08 16:08:01 | 00,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/08 16:07:59 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

========== Files Created - No Company Name ==========

[2009/10/31 20:34:33 | 00,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 20:34:33 | 00,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 20:34:33 | 00,000,088 | RHS- | C] () -- C:\ProgramData\F3D215450D.sys
[2009/10/31 20:34:33 | 00,000,088 | RHS- | C] () -- C:\ProgramData\F3D215450D.sys
[2009/10/30 05:04:16 | 02,062,810 | -H-- | C] () -- C:\Users\user\AppData\Local\IconCache.db
[2009/10/29 22:25:58 | 13,081,6007 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/10/29 18:15:41 | 00,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{caf36ae4-c4dd-11de-bb6e-892af81621d9}.TMContainer00000000000000000002.regtrans-ms
[2009/10/29 18:15:41 | 00,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{caf36ae4-c4dd-11de-bb6e-892af81621d9}.TMContainer00000000000000000001.regtrans-ms
[2009/10/29 18:15:41 | 00,065,536 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{caf36ae4-c4dd-11de-bb6e-892af81621d9}.TM.blf
[2009/10/29 09:43:18 | 00,001,295 | ---- | C] () -- C:\Users\user\Desktop\s3rc - Shortcut.lnk
[2009/10/27 18:59:48 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/25 02:52:24 | 00,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/10/23 20:00:52 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2009/10/23 20:00:51 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/10/23 02:21:32 | 00,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2009/10/23 01:07:46 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2009/10/22 18:33:11 | 00,000,852 | ---- | C] () -- C:\Users\user\Desktop\MilkShape 3D 1.8.5.lnk
[2009/10/21 13:17:06 | 00,009,599 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/10/21 13:16:09 | 00,000,811 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/21 13:15:17 | 00,000,806 | ---- | C] () -- C:\Users\Public\Desktop\McAfee EasyNetwork.lnk
[2009/10/21 13:11:38 | 00,000,338 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/20 20:49:32 | 00,000,104 | ---- | C] () -- C:\Users\user\Desktop\Recycle Bin - Shortcut.lnk
[2009/10/20 17:12:30 | 00,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{1dfc028c-bdc4-11de-8e2d-001e680acb43}.TMContainer00000000000000000002.regtrans-ms
[2009/10/20 17:12:30 | 00,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{1dfc028c-bdc4-11de-8e2d-001e680acb43}.TMContainer00000000000000000001.regtrans-ms
[2009/10/20 17:12:30 | 00,065,536 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{1dfc028c-bdc4-11de-8e2d-001e680acb43}.TM.blf
[2009/10/19 22:12:50 | 00,039,583 | ---- | C] () -- C:\Windows\System32\nvwsapps.xml
[2009/10/19 22:12:20 | 00,009,277 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2009/10/19 22:12:05 | 00,202,019 | ---- | C] () -- C:\Windows\System32\nvapps.xml
[2009/10/14 02:59:24 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009/10/14 02:59:18 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009/10/13 21:00:25 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/10/13 15:01:42 | 00,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{3862d670-b82a-11de-a1e4-001e680acb43}.TMContainer00000000000000000002.regtrans-ms
[2009/10/13 15:01:42 | 00,524,288 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{3862d670-b82a-11de-a1e4-001e680acb43}.TMContainer00000000000000000001.regtrans-ms
[2009/10/13 15:01:42 | 00,065,536 | -HS- | C] () -- C:\Users\user\NTUSER.DAT{3862d670-b82a-11de-a1e4-001e680acb43}.TM.blf
[2009/10/13 14:13:50 | 00,000,508 | ---- | C] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/10/09 13:24:48 | 00,001,904 | ---- | C] () -- C:\Users\Public\Desktop\TSR Workshop.lnk
[2009/07/12 02:10:35 | 00,000,019 | ---- | C] () -- C:\Windows\KNP.INI
[2009/06/24 11:31:42 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/10 01:17:05 | 00,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009/06/10 01:17:05 | 00,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009/06/09 15:33:42 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/05/21 06:41:52 | 00,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009/03/12 22:09:01 | 00,007,168 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/12 15:45:51 | 00,093,608 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/12 15:45:03 | 00,093,608 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/12 07:41:50 | 00,048,600 | ---- | C] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/12 07:41:26 | 00,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,163 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 18:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:C31F31E6
< End of report >

**************************************************************************************************

OTL Extras logfile created on: 11/1/2009 5:30:35 PM - Run 1
OTL by OldTimer - Version 3.1.2.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.68 Mb Total Physical Memory | 243.37 Mb Available Physical Memory | 31.78% Memory free
1.75 Gb Paging File | 1.10 Gb Available in Paging File | 62.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 55.59 Gb Free Space | 49.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TNL-LAPTOP
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C6D504C-B1AC-474C-A62D-ED5603E418FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22FF0A9C-EE51-4BDA-BAC1-A1B7B42D9058}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29DEC120-05C2-43C5-85C7-04CD0B3E2989}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3811A81D-056F-4D31-9E1A-06AA5A5D7870}" = lport=443 | protocol=6 | dir=in | app=system |
"{5087A2AF-C340-4A1D-88EB-201DB40EE504}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AAF4A97-4D17-47B0-B5C1-A5F842E01E65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C8F61B4-BB64-48D4-B6BB-3D1E7F165DF7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6FF9B54C-C889-480A-9339-7152C5619EFE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{75F11BC0-FE57-49A5-B727-807F0B3C1ACF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C35E44D-CB2B-4FD7-B496-D00E14837DED}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7F6401EB-4586-4AD4-99DD-25D1402850A7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8CC44E78-BC97-4FB7-88B2-B7E9C7566726}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97AED24F-CE5A-45AF-9066-CE75BC787A25}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A758D3DC-9092-4EE0-BAE4-3AC14D64126A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CAFD39D7-07C6-43A1-9D20-B347D96A0FF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA668B66-D30E-4E99-B7A9-29C0A6607A6C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{DBDC4416-1DA8-4DB9-8917-C66E6A35E56E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E3F04594-B458-4A3F-9397-5BDCDC2668DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F68ACB99-0E65-426C-B58A-611E0A61C220}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7E93978-866F-4012-9C20-2E2B831AF5D7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C7ED9C1-8EA9-43BA-AE4E-35612435FBF3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0D518519-1FD7-4324-B34D-E736334FECAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{42B94F14-4489-4E10-845E-FC3E860588EC}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{42BD74EC-B7F8-4913-BC42-0B074D04B905}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47CA1880-E34E-4FE0-82B8-8D2FF33A21B6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4CC11A85-2B3C-422A-B170-CACEF03A2D80}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4DFEE572-7261-46DB-95B4-237E81CEBFCF}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{71394296-07E2-4143-BB62-8E101A8196B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CA3E423-7505-41DC-ABCC-8F74437C1BB2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A0704D1D-9C11-4604-8051-FF0BA496963D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6F0F693-AA49-4406-A8C6-278064FDF7EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC0B035E-942B-4786-96AA-84BF8CB50835}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DEBFDA19-76D9-4510-9121-555C1C260A79}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7D2EBA3-527E-4085-80B5-2D1857E1F77F}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{FE2EF751-7B65-45F5-B15F-1DA018EAB901}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FFC9CBE8-6715-4BFB-B15E-D8E5C9CD1789}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2584ED66-BBAB-40C5-87E8-EBE90975DF04}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{66A0CB78-FFC2-4644-A72A-EE4CDBBC5D46}C:\games\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\games\electronic arts\eadm\core.exe |
"TCP Query User{9866F95E-3469-4D6B-BF83-3DB09B3BA332}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{A158D6D2-44C7-46B7-96B7-2B53CE865314}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{BE4446A7-09AF-435D-98F5-E145B448C67E}C:\games\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\games\electronic arts\eadm\core.exe |
"UDP Query User{29F7F30B-2061-4CB7-BB2D-656F583E7DD9}C:\games\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\games\electronic arts\eadm\core.exe |
"UDP Query User{2A19A799-EA2C-4C01-A8A0-FD230A221845}C:\games\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\games\electronic arts\eadm\core.exe |
"UDP Query User{9434BEE0-58BE-4588-B4E8-08808DDB5FAC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CDB716EE-5412-4105-9990-E305B94EE5F5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DAC74869-E2CF-4BA0-9B22-5A5D90318525}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69656F80-EC05-4FF4-915C-AE417CAB7226}" = TSR Workshop
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"comtypes-py2.5" = Python 2.5 comtypes-0.5.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DMX5_is1" = DriverMax 5
"EADM" = EA Download Manager
"HijackThis" = HijackThis 2.0.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MilkShape 3D 1.8.5" = MilkShape 3D 1.8.5
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"Operation Optimization_is1" = Operation Optimization v1.1.1
"PIL-py2.5" = Python 2.5 PIL-1.1.6
"psyco-py2.5" = Python 2.5 psyco-1.6
"pywin32-py2.5" = Python 2.5 pywin32-212
"Security Task Manager" = Security Task Manager 1.7h
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.4.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-701379567-377844740-1610885016-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2009 8:08:12 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:13 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:13 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:15 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:15 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:17 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:17 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:18 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 8:08:18 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 10/30/2009 9:23:52 AM | Computer Name = TnL-Laptop | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 6/25/2009 9:37:52 PM | Computer Name = TnL-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/27/2009 3:24:23 PM | Computer Name = TnL-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/28/2009 10:57:14 AM | Computer Name = TnL-Laptop | Source = McrMgr | ID = 109
Description =

Error - 9/23/2009 11:31:25 PM | Computer Name = TnL-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/1/2009 12:51:56 PM | Computer Name = TnL-Laptop | Source = DCOM | ID = 10010
Description =

Error - 11/1/2009 12:54:14 PM | Computer Name = TnL-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:52:13 AM on 11/1/2009 was unexpected.

Error - 11/1/2009 12:55:50 PM | Computer Name = TnL-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2009 1:06:47 PM | Computer Name = TnL-Laptop | Source = DCOM | ID = 10005
Description =

Error - 11/1/2009 1:06:47 PM | Computer Name = TnL-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 11/1/2009 1:06:47 PM | Computer Name = TnL-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2009 1:10:55 PM | Computer Name = TnL-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2009 6:16:36 PM | Computer Name = TnL-Laptop | Source = DCOM | ID = 10010
Description =

Error - 11/1/2009 6:20:59 PM | Computer Name = TnL-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:18:11 PM on 11/1/2009 was unexpected.

Error - 11/1/2009 6:22:26 PM | Computer Name = TnL-Laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Again Thank You for your reply.
Lois
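
The firewall sections of the OTL report above are the part a responder reads first: every FirewallPolicy profile shows "EnableFirewall" = 0, which commonly happens when a third-party suite (McAfee SecurityCenter appears in the uninstall list) has taken over the firewall and is worth confirming with the user, and the FirewallRules blocks list the inbound exceptions the user accepted. The parser below is an added example, my code rather than OTL's or anything posted in this thread; it reads the [HKEY_...] blocks, reports profiles with the firewall off, and lists the inbound rules that point at non-Windows programs. SAMPLE_LOG is a constructed excerpt of the report above, with StandardProfile's EnableFirewall changed to 1 so both outcomes appear.

```python
"""Parse the firewall sections of an OTL report (the format posted above)
and pull out what a responder would check first.

Added example for this thread: my code, not part of OTL or of any post.
SAMPLE_LOG is a constructed excerpt of the report above, with the
StandardProfile EnableFirewall value changed to 1 so both outcomes show."""
import re
from typing import Dict, Iterator, List, Tuple

SAMPLE_LOG = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = 1

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]
"{3811A81D-056F-4D31-9E1A-06AA5A5D7870}" = lport=443 | protocol=6 | dir=in | app=system |
"{5AAF4A97-4D17-47B0-B5C1-A5F842E01E65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]
"{42B94F14-4489-4E10-845E-FC3E860588EC}" = protocol=6 | dir=in | app=c:\\program files\\bitcomet\\bitcomet.exe |
"{A0704D1D-9C11-4604-8051-FF0BA496963D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\\system32\\svchost.exe |
"TCP Query User{2584ED66-BBAB-40C5-87E8-EBE90975DF04}C:\\program files\\mozilla firefox\\firefox.exe" = protocol=6 | dir=in | app=c:\\program files\\mozilla firefox\\firefox.exe |
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PROTOCOLS = {'6': 'TCP', '17': 'UDP'}  # IANA protocol numbers as OTL prints them


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] block to its "name" = data lines. OTL prints the
    FirewallRules key under two headings; both blocks merge under one key."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group('key')
            keys.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group('name')] = value_match.group('data')
    return keys


def parse_rule(data: str) -> Dict[str, str]:
    """Split 'lport=443 | protocol=6 | dir=in | app=system |' into fields."""
    fields = {}
    for part in data.split('|'):
        if '=' in part:
            name, value = part.split('=', 1)
            fields[name.strip().lower()] = value.strip()
    return fields


def firewall_disabled_profiles(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Names of FirewallPolicy profiles whose EnableFirewall is 0."""
    return [key.rsplit('\\', 1)[-1]
            for key, values in keys.items()
            if '\\FirewallPolicy\\' in key and key.endswith('Profile')
            and values.get('EnableFirewall', '').strip() == '0']


def _inbound_rules(keys: Dict[str, Dict[str, str]]) -> Iterator[Tuple[str, Dict[str, str]]]:
    for key, values in keys.items():
        if key.endswith('\\FirewallRules'):
            for name, data in values.items():
                rule = parse_rule(data)
                if rule.get('dir') == 'in':
                    yield name, rule


def inbound_third_party_rules(keys: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """Inbound allow rules whose target is neither the System process nor a
    binary under %systemroot%: the ones to confirm with the user."""
    findings = []
    for name, rule in _inbound_rules(keys):
        app = rule.get('app', '').lower()
        if app == 'system' or app.startswith('%systemroot%'):
            continue
        findings.append({'name': name, 'app': app,
                         'protocol': PROTOCOLS.get(rule.get('protocol', ''), 'any'),
                         'lport': rule.get('lport', 'any')})
    return findings


def inbound_system_ports(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Ports the firewall lets the System process (kernel-mode listeners) accept."""
    return [f"{PROTOCOLS.get(rule.get('protocol', ''), 'any')}/{rule.get('lport', 'any')}"
            for _, rule in _inbound_rules(keys)
            if rule.get('app', '').lower() == 'system']


def report(text: str) -> Dict[str, list]:
    keys = parse_registry_dump(text)
    return {'firewall_off': firewall_disabled_profiles(keys),
            'inbound_third_party': inbound_third_party_rules(keys),
            'inbound_system_ports': inbound_system_ports(keys)}


if __name__ == '__main__':
    for heading, items in report(SAMPLE_LOG).items():
        print(heading, items)
```

Run against the full report above, the same functions list all three profiles as off and pick out the BitComet, Yahoo! Messenger, Java, EA Download Manager and Firefox inbound rules, which is the list to walk through with the user before deciding whether any of them are unexpected.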

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home

Posted 02 November 2009 - 04:16 AM

Hi,

did the reboots and CPU spikes start after you installed McAfee? If so I would like to ask you to uninstall McAfee (and maybe try another free anti virus program such as Avira to remain protected) and test if the reboots cease. It could be that McAfee is incompatible with other programs on your PC.


Please also disable the automatic reboot feature and tell me if you get an error message on the next reboot.
Instructions on how to reboot:

1. Right-click My Computer, and then click Properties.
2. Click the Advanced tab.
3. Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
4. Clear the Automatically restart check box, and click OK the necessary number of times.
5. Restart your computer for the settings to take effect.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

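
myrti's request to turn off automatic restart is about capturing the stop error on screen; in the meantime the System Events block of the OTL report above already records each crash as an EventLog 6008 entry whose description names the shutdown time. The script below is an added example, my code rather than OTL's or anything posted in this thread: it parses those "Error - ... | Source = ... | ID = ..." lines, pairs each unexpected shutdown with the other errors logged during the boot session that ended in it, and counts errors by source and ID. SAMPLE_EVENTS is constructed from the System Events lines in the report above.

```python
"""Triage the 'Last 10 Event Log Errors' section of an OTL report.

Added example for this thread: my code, not OTL's. It pulls the EventLog
6008 records (written after an unexpected shutdown) out of the System
Events block, pairs each crash with the errors logged in the boot session
that ended in it, and counts errors by source/ID.
SAMPLE_EVENTS is constructed from the System Events lines posted above."""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional

SAMPLE_EVENTS = """\
[ System Events ]
Error - 11/1/2009 12:51:56 PM | Computer Name = TnL-Laptop | Source = DCOM | ID = 10010
Description =

Error - 11/1/2009 12:54:14 PM | Computer Name = TnL-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:52:13 AM on 11/1/2009 was unexpected.

Error - 11/1/2009 12:55:50 PM | Computer Name = TnL-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/1/2009 6:16:36 PM | Computer Name = TnL-Laptop | Source = DCOM | ID = 10010
Description =

Error - 11/1/2009 6:20:59 PM | Computer Name = TnL-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:18:11 PM on 11/1/2009 was unexpected.
"""

TIME_FMT = '%m/%d/%Y %I:%M:%S %p'
EVENT_RE = re.compile(
    r'^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| '
    r'Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
SHUTDOWN_RE = re.compile(
    r'shutdown at (?P<t>\d{1,2}:\d{2}:\d{2} [AP]M) on (?P<d>\d{1,2}/\d{1,2}/\d{4})')


def parse_events(text: str) -> List[Dict]:
    """One dict per 'Error - ...' line, with the following Description attached."""
    events: List[Dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        match = EVENT_RE.match(line)
        if match:
            events.append({'time': datetime.strptime(match.group('ts'), TIME_FMT),
                           'host': match.group('host'),
                           'source': match.group('source'),
                           'id': int(match.group('id')),
                           'description': ''})
        elif line.startswith('Description =') and events:
            events[-1]['description'] = line[len('Description ='):].strip()
    return events


def is_unexpected_shutdown(event: Dict) -> bool:
    return event['source'] == 'EventLog' and event['id'] == 6008


def shutdown_instant(event: Dict) -> Optional[datetime]:
    """The crash time named in a 6008 description, not the time it was logged."""
    match = SHUTDOWN_RE.search(event['description'])
    if not match:
        return None
    return datetime.strptime(f"{match.group('d')} {match.group('t')}", TIME_FMT)


def crash_sessions(events: List[Dict]) -> List[Dict]:
    """Pair each unexpected shutdown with the other errors from the boot
    session that ended in it. The logged time of the previous 6008 record
    serves as that session's start, since it is written shortly after boot."""
    sessions = []
    session_start: Optional[datetime] = None
    for event in events:
        if not is_unexpected_shutdown(event):
            continue
        crashed = shutdown_instant(event)
        in_session = [e for e in events
                      if not is_unexpected_shutdown(e)
                      and (session_start is None or e['time'] >= session_start)
                      and crashed is not None and e['time'] <= crashed]
        sessions.append({'shutdown': crashed,
                         'session_start': session_start,
                         'uptime': (crashed - session_start) if crashed and session_start else None,
                         'errors': [(e['source'], e['id']) for e in in_session]})
        session_start = event['time']
    return sessions


def error_counts(events: List[Dict]) -> Counter:
    """How often each (source, ID) pair appears; repeats hint at one root cause."""
    return Counter((e['source'], e['id']) for e in events)


if __name__ == '__main__':
    parsed = parse_events(SAMPLE_EVENTS)
    for session in crash_sessions(parsed):
        print(session)
    print(error_counts(parsed).most_common())
```

On the sample, the second crash follows a session of about four and a half hours with a Service Control Manager 7000 (service failed to start) logged right after boot; the same pairing over the full report is a quick way to see whether each reboot is preceded by the same error.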


#5 Lady_Avalon


Posted 02 November 2009 - 07:39 AM

Hello Temp

As to your first question

did the reboots and CPU spikes start after you installed McAfee?


I don't think so. But I'm going to uninstall McAfee, then try the antivirus you sent the link for and test your theory.

Next I will disable the Auto Reboot and inform you of the results.

Thank you
Lois :(

#6 Lady_Avalon


Posted 02 November 2009 - 10:35 AM

Ok

I did as you asked: uninstalled McAfee and replaced it with Avira. I still get the CPU spiking at 100%. Then I disabled the Automatic Reboot; no error on reboot after 3 tries. However, I did get a DOS command type window that flashed once when I rebooted after removing McAfee. It did have a title with smc%--something--reboot--something, but it flashed so fast I couldn't catch the full title, and it didn't stop the rebooting.

So now what? Can I put McAfee back on?

Thanks
Lois :(

Edited by Lady_Avalon, 02 November 2009 - 11:30 AM.


#7 myrti


Posted 03 November 2009 - 02:44 PM

Hi,

it seems that this error may be caused by scripts running from your temporary folders, so I would like to ask you to run another temporary file cleaner and see if things improve:

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.


Since we now know that McAfee is not the source of the problem, please reinstall it.

regards _temp_

Edited by _temp_, 03 November 2009 - 02:44 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 Lady_Avalon


Posted 03 November 2009 - 04:40 PM

Hello Temp

First I want to thank you for all the help you are giving me.

I'm getting ready to run the TFC scan but I wanted to let you know what happened when I reinstalled McAfee. Before it installed the software it ran a scan on my laptop to check for harmful items; when it finished it said there was one or more harmful items that it could not remove or fix and advised me to contact their support team. It then proceeded to install the software. Once done I ran a full scan with McAfee but it found nothing.

I'll run the TFC scan and then get back to you.

Should I enable the automatic reboot?

Thank You
Lois

#9 myrti


Posted 03 November 2009 - 05:05 PM

Hi,

did McAfee by any chance give you a name of what it found and a place where it found it?

I would advise that you keep automatic reboot disabled; it will not interfere with your normal use of the PC, but when something goes wrong you will be able to provide the error message created by Windows for your problem. This is a personal choice though, and if you wish to disable it, you can do so.

Just to make sure.
Download and run Win32kDiag:

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#10 Lady_Avalon


Posted 03 November 2009 - 09:32 PM

Sorry it took so long,

did McAfee by any chance give you a name


No, McAfee only gave me a link to their support site, but whenever I clicked on it, it caused my system to reboot. When I tried in Safe Mode I got a blue screen unknown error and had to manually reboot.

I'm not sure the results of the Win32kDiag are what you wanted to see, so I did a scan in Safe Mode also. The results are different, so I'll post the regular mode here and attach the safe mode. I have them both saved.


Regular Mode


Running from: C:\Users\user\Desktop\Win32kDiag.exe

Log file at : C:\Users\user\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-03 18:11:38 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-11-03 18:10:59 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-11-03 18:11:08 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-11-03 18:11:08 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTNT Kernel Logger.etl

[1] 2009-11-03 00:57:25 8780872 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTNT Kernel Logger.etl ()





Finished!

#11 myrti


Posted 05 November 2009 - 09:16 AM

Hi,

did you write down the error message you got when you booted into safe mode? Could you post it here? Can you boot into safe mode now?

Are you still getting the dos-box after emptying your temporary folders? Are the crashes still persistent?


Please run the following scans on your PC:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

And Rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the Report tab, then click Scan.
  • Check all seven boxes:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#12 Lady_Avalon


Posted 05 November 2009 - 03:37 PM

Hello Temp

did you write down the error message you got when you booted into safe mode? Could you post it here? Can you boot into safe mode now?


No, I did not write it down, but I do remember that there were 5 sets of numbers and most of the numbers were 0's except the last 2 or 3 numbers in each set. I can try to recreate it if you like. And yes, I can boot in safe mode now.

Are you still getting the dos-box after emptying your temporary folders? Are the crashes still persistent?


No. I only got the dos-box one time. It has not happened again. And yes, I still have the random reboots, but only if I'm connected to the internet. Here's a thought. The night before I got the first virus detection I had updated my drivers, and one of the drivers was my network driver (Atheros Communications Inc. Net Drivers). Could this cause a problem similar to what I'm experiencing if the driver was not compatible? (The spiking to 100% when connected then sudden reboots.)

Here are the Results of the Malwarebytes Scan
(I scanned in Regular Mode and Safe Mode and got the same results)

Malwarebytes' Anti-Malware 1.41
Database version: 3106
Windows 6.0.6002 Service Pack 2

11/5/2009 1:21:05 PM
mbam-log-2009-11-05 (13-21-05).txt

Scan type: Quick Scan
Objects scanned: 94959
Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

***************************************************************

Here are the Results of the RootRepeal Scan
(I scanned in Regular Mode and Safe Mode)

ROOTREPEAL © AD, 2007-2009 Regular Scan
==================================================
Scan Start Time: 2009/11/05 13:51
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8B600000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x89DF2000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9F26D000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1264 Status: Locked to the Windows API!

==EOF==


ROOTREPEAL © AD, 2007-2009 Safe Mode Scan
==================================================
Scan Start Time: 2009/11/05 13:58
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x89B1D000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x89B12000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x89B45000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

==EOF==

Thanks
Lois
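
A small triage helper for the RootRepeal report layout quoted above, added here as an example and not part of this thread or of RootRepeal itself. It parses the Drivers section and lists entries whose image file is not visible on disk, skipping RootRepeal's own driver and the dump_ crash-dump copies of the storage driver that show up in both logs above; the report excerpt is constructed, and example_hidden.sys is a made-up name used only to show what a flagged entry looks like.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt following the RootRepeal "Drivers" section layout.
SAMPLE_REPORT = r"""Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8B600000 Size: 32768 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9F26D000 Size: 49152 File Visible: No Signed: -
Status: -

Name: example_hidden.sys
Image Path: C:\Windows\system32\drivers\example_hidden.sys
Address: 0x9F300000 Size: 12288 File Visible: No Signed: -
Status: -

==EOF==
"""

# One driver entry spans four lines: Name, Image Path, Address/Size/Visible/Signed, Status.
ENTRY = re.compile(
    r"Name: (?P<name>\S+)\nImage Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) "
    r"File Visible: (?P<visible>\w+) Signed: (?P<signed>\S+)\nStatus: (?P<status>.+)"
)


def parse_drivers(report: str) -> List[Dict[str, str]]:
    """Return every driver entry in the report as a dict of its fields."""
    return [m.groupdict() for m in ENTRY.finditer(report)]


def hidden_drivers(report: str, expected: Tuple[str, ...] = ("rootrepeal.sys",)) -> List[str]:
    """Names of drivers loaded without a visible file on disk, minus expected ones.

    The 'expected' allow-list is an assumption for this example: RootRepeal's own
    driver, plus any dump_* name (the crash-dump copy of the storage driver,
    which Windows loads from memory rather than from a file of that name).
    """
    flagged = []
    for entry in parse_drivers(report):
        name = entry["name"].lower()
        if entry["visible"] == "No" and name not in expected and not name.startswith("dump_"):
            flagged.append(name)
    return flagged
```

Run against the thread's own logs, the same check leaves nothing flagged, which is consistent with the helper's "logs look clean" assessment.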

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:17 AM

Posted 05 November 2009 - 03:47 PM

Hi,

as far as I can tell the problems are not coming from malware. So we should be looking into other possible reasons. (and if we don't find any I might ask you to repost your problem in one of the Windows forums here at BC as they usually have more experience with non-malware related issues).

The updated drivers might very well be the reason for your problems. Do you have a way of installing the older version for testing?

regards _temp_



#14 Lady_Avalon

Lady_Avalon
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:01:17 AM

Posted 05 November 2009 - 04:01 PM

:( I'm so glad I'm not infected.

I did do a back up of the drivers before I installed the updates but I don't know how to pull them and install them. Do you have any suggestions?

Also, the drivers are stored on an external drive that is located on my network. Will it be ok to access the network? I've kinda avoided the network because I didn't want to infect my other PCs.

Thanks, Lois

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:17 AM

Posted 05 November 2009 - 04:07 PM

Hi,

from what I can tell, your logs look clean and you should be able to connect to your network without infecting the other machines.

regards _temp_





