
Hijack This log


  • This topic is locked
34 replies to this topic

#1 xer 21

xer 21

  • Members
  • 98 posts
  • Local time:06:26 AM

Posted 03 November 2009 - 02:11 AM

Here is my log. I am hoping someone can tell me what's wrong: half the time I click on a link, I get redirected to ads. I think I'm having the same problem as Gaaira.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:19 PM, on 11/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe rundll32.exe dckp.suo printer
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lsdefrag] C:\Users\Owner\Desktop\a.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files (x86)\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\Users\Owner\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kinetic Books License Service - Kinetic Books - C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 9781 bytes

Edited by xer 21, 03 November 2009 - 08:43 PM.




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 08 November 2009 - 06:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 xer 21

xer 21
  • Topic Starter

  • Members
  • 98 posts
  • Local time:06:26 AM

Posted 10 November 2009 - 02:37 AM

Ok, so my problems are as follows:

It started when I noticed I had a new icon on the desktop named "a.exe". I looked it up, found it was malware and force deleted it with the cmd. Afterwards, I left my computer for the night, and found 50 new ad windows opened up on my computer in the morning. I ran updated versions of Spybot, IObit 360, and later, Malwarebytes, and they have yet to register anything beyond cookies and the occasional trojan downloader (which is how I suspect I got this in the first place). Then, when online, I noticed all my links (about 90%), whether from a Google search, homepage or whatever, all redirected me to an ad. Before it loaded, I noticed the URL was either thefeedwater.com or providefeed.com, both of which I now know are acknowledged browser hijackers, of which thefeedwater.com is very new. Since then, no antispyware aside from this OTL tool and HijackThis will run, always running into an "unexpected error" at launch.

so here are my logfiles

Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:16 PM, on 11/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files (x86)\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\Users\Owner\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kinetic Books License Service - Kinetic Books - C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 9630 bytes



OTL.txt



OTL logfile created on: 11/9/2009 9:28:37 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 41.95% Memory free
4.00 Gb Paging File | 3.01 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 53.43 Gb Free Space | 17.92% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/09 21:27:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/11/06 10:41:02 | 03,424,528 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
PRC - [2009/11/06 10:40:10 | 01,242,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/11/06 10:40:08 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
PRC - [2009/11/02 21:02:51 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
PRC - [2009/11/02 21:02:51 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 19:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/27 14:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/04/05 18:40:20 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/04/05 18:40:20 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/04/04 22:16:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Steam\steam
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/10 07:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/02/19 10:26:52 | 00,876,544 | ---- | M] (CNET Networks, Inc.) -- C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe
PRC - [2008/02/19 10:26:52 | 00,876,544 | ---- | M] (CNET Networks, Inc.) -- C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [1999/12/12 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTsvcCDA.exe


========== Modules (SafeList) ==========

MOD - [2009/11/09 21:27:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/08/26 19:22:28 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009/07/17 04:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/02/12 22:47:47 | 00,026,112 | ---- | M] (Microsoft) -- C:\Users\Owner\ntuser.dll
MOD - [2008/04/09 05:18:14 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/18 21:37:12 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/18 21:36:48 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/18 21:36:48 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/18 21:36:34 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/18 21:33:45 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/18 21:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/01 22:33:06 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/04/29 18:59:06 | 06,462,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/04/29 18:58:54 | 00,287,648 | ---- | M] () -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2008/01/18 22:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/18 22:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/11/06 10:40:08 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe -- (IS360service)
SRV - [2009/10/28 15:41:22 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/05 18:40:20 | 00,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/14 19:47:05 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/09/15 21:44:27 | 00,079,360 | ---- | M] (Kinetic Books) -- C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe -- (Kinetic Books License Service)
SRV - [2008/08/25 14:26:18 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/27 08:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 08:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/06/19 15:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 15:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/01/18 22:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2008/01/18 22:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 05:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 03:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 20:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 20:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 16:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 11:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [1999/12/12 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTsvcCDA.exe -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/12 09:07:49 | 00,314,016 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/09/12 09:07:49 | 00,043,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/01/25 17:09:41 | 00,818,424 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/06/19 17:24:32 | 00,033,792 | ---- | M] () -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2008/01/18 20:47:12 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/18 20:33:58 | 00,098,816 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio)
DRV:64bit: - [2006/11/01 19:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 16:09:03 | 00,742,696 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2008/06/12 20:48:20 | 00,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2008/01/17 12:38:47 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/09/18 11:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\S-1-5-21-1962972053-3060331264-1401746588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 03:00:57 | 00,000,000 | ---D | M]

[2009/04/13 21:06:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/04/13 21:06:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (297277 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10269 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [calc] C:\Windows\SysWow64\calc.DLL (Microsoft)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [calc] C:\Users\Owner\ntuser.DLL (Microsoft)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [VnrBlock21] C:\Program Files (x86)\VnrBlock\VnrBlock21.exe File not found
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameSpot Download Manager.lnk = C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe (CNET Networks, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\ua_lsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\ua_lsp.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/11 16:27:33 | 00,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- [2007/03/22 13:57:09 | 00,051,336 | R--- | M] ()
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- [2007/05/31 17:23:56 | 00,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c37f379c-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{c37f37a1-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (s\Cu) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/09 21:27:58 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/04 15:08:07 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2009/11/04 15:08:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/04 07:12:21 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/04 07:12:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/02 21:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/30 14:15:20 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/10/30 14:15:20 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/10/30 14:15:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2009/10/28 19:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/28 19:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/27 14:07:22 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/27 14:07:19 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/27 14:07:15 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2009/10/13 11:34:25 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/10/13 11:34:25 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/10/13 11:34:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/10/13 11:34:23 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/10/13 11:34:22 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/10/13 11:34:00 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 11:33:55 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 11:33:54 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/13 11:33:53 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 11:33:53 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 11:33:52 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/13 11:33:52 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/13 11:33:51 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/13 11:33:51 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/13 11:33:51 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 11:33:50 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/13 11:33:50 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/13 11:33:50 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/13 11:33:50 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/13 11:33:50 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/13 11:33:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/13 11:33:50 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/13 11:33:50 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/13 11:33:50 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/13 11:32:54 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 11:32:23 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/09 21:29:05 | 06,029,312 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2009/11/09 21:27:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/09 21:22:56 | 00,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/11/09 21:22:56 | 00,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/11/09 20:16:28 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 20:16:28 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/08 21:22:11 | 00,643,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/08 21:22:11 | 00,354,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/08 21:22:11 | 00,287,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/08 21:15:07 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/08 21:15:07 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/08 21:15:07 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/08 21:15:07 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/08 20:16:34 | 00,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2009/11/08 20:16:26 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/08 20:16:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/08 20:16:16 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 14:53:46 | 00,000,903 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/04 16:32:19 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/04 16:32:19 | 00,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/04 16:32:16 | 06,291,456 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2009/11/04 15:08:04 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/02 21:02:51 | 00,001,928 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/11/01 03:38:58 | 00,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/11/01 03:38:54 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/10/28 20:54:42 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\video.avs
[2009/10/26 19:07:19 | 00,000,857 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/26 19:07:19 | 00,000,855 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/24 21:04:59 | 00,148,425 | ---- | M] () -- C:\Users\Owner\Documents\Doc1.docx
[2009/10/24 15:30:17 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum85.sav
[2009/10/24 15:12:54 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum84.sav
[2009/10/24 15:08:13 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum83.sav
[2009/10/24 14:39:27 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum82.sav
[2009/10/24 14:28:47 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum81.sav
[2009/10/24 14:26:51 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum80.sav
[2009/10/24 14:24:04 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum79.sav
[2009/10/24 11:31:39 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum78.sav
[2009/10/24 11:16:52 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum77.sav
[2009/10/24 10:46:39 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum76.sav
[2009/10/21 23:59:08 | 00,010,075 | ---- | M] () -- C:\Users\Owner\Documents\xer 21.docx
[2009/10/21 17:06:37 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum75.sav
[2009/10/21 16:57:31 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum74.sav
[2009/10/21 16:36:29 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum73.sav
[2009/10/21 16:30:41 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum72.sav
[2009/10/21 16:14:52 | 09,236,480 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 12:36:56 | 01,638,912 | ---- | M] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 00:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/20 22:44:02 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum71.sav
[2009/10/20 22:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/20 22:04:59 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum70.sav
[2009/10/20 21:59:31 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum69.sav
[2009/10/20 21:56:28 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum68.sav
[2009/10/20 21:52:05 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum67.sav
[2009/10/19 22:03:02 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum66.sav
[2009/10/19 21:55:13 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum65.sav
[2009/10/19 21:52:59 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum64.sav
[2009/10/19 21:35:42 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum63.sav
[2009/10/19 21:32:03 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum62.sav
[2009/10/17 23:00:13 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum61.sav
[2009/10/17 22:19:23 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum60.sav
[2009/10/17 22:16:27 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum59.sav
[2009/10/17 21:59:50 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum58.sav
[2009/10/17 21:49:01 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum57.sav
[2009/10/17 21:44:29 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum56.sav
[2009/10/17 18:50:21 | 00,010,407 | ---- | M] () -- C:\Users\Owner\Documents\Blake Tolentino.docx
[2009/10/16 07:19:40 | 00,072,800 | ---- | M] () -- C:\Users\Owner\Documents\___1[1].pdf
[2009/10/13 07:45:29 | 00,001,754 | ---- | M] () -- C:\Users\Owner\Desktop\LimeWire 5.3.6.lnk
[2009/10/12 21:59:36 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum55.sav
[2009/10/12 20:28:17 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum54.sav
[2009/10/12 15:27:48 | 00,055,296 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 17:10:14 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum53.sav
[2009/10/11 17:04:24 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum52.sav
[2009/10/11 17:00:43 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum51.sav
[2009/10/11 16:54:44 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum50.sav
[2009/10/11 16:52:08 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum49.sav
[2009/10/11 15:42:33 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum48.sav
[2009/10/11 15:27:35 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum47.sav
[2009/10/11 14:36:33 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum46.sav
[2009/10/11 13:51:20 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum45.sav
[2009/10/11 13:47:43 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum44.sav
[2009/10/11 12:55:08 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum43.sav
[2009/10/11 12:13:55 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum42.sav
[2009/10/11 12:12:53 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum41.sav
[2009/10/11 11:30:42 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum40.sav
[2009/10/11 11:13:10 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum39.sav
[2009/10/10 23:29:24 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum38.sav
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/04 15:08:04 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 15:08:01 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/04 07:12:20 | 09,236,480 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/11/04 07:12:19 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/11/02 21:02:51 | 00,001,928 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2009/10/30 14:15:24 | 00,000,903 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/10/27 14:07:23 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/27 14:07:22 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/27 14:07:15 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/10/26 19:07:19 | 00,000,857 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/26 19:07:19 | 00,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/24 21:04:59 | 00,148,425 | ---- | C] () -- C:\Users\Owner\Documents\Doc1.docx
[2009/10/24 15:14:36 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum85.sav
[2009/10/24 15:08:17 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum84.sav
[2009/10/24 14:39:51 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum83.sav
[2009/10/24 14:28:59 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum82.sav
[2009/10/24 14:27:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum81.sav
[2009/10/24 14:24:10 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum80.sav
[2009/10/24 11:32:25 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum79.sav
[2009/10/24 11:18:20 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum78.sav
[2009/10/24 10:56:49 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum77.sav
[2009/10/21 23:59:04 | 00,010,075 | ---- | C] () -- C:\Users\Owner\Documents\xer 21.docx
[2009/10/21 17:10:07 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum76.sav
[2009/10/21 17:02:01 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum75.sav
[2009/10/21 16:37:05 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum74.sav
[2009/10/21 16:33:50 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum73.sav
[2009/10/20 22:44:42 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum72.sav
[2009/10/20 22:05:03 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum71.sav
[2009/10/20 21:59:56 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum70.sav
[2009/10/20 21:56:32 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum69.sav
[2009/10/20 21:52:28 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum68.sav
[2009/10/19 22:03:08 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum67.sav
[2009/10/19 21:56:35 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum66.sav
[2009/10/19 21:53:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum65.sav
[2009/10/19 21:35:47 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum64.sav
[2009/10/19 21:32:08 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum63.sav
[2009/10/17 22:59:36 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum62.sav
[2009/10/17 22:20:16 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum61.sav
[2009/10/17 22:16:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum60.sav
[2009/10/17 22:00:11 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum59.sav
[2009/10/17 21:49:39 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum58.sav
[2009/10/17 21:44:36 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum57.sav
[2009/10/17 18:50:20 | 00,010,407 | ---- | C] () -- C:\Users\Owner\Documents\Blake Tolentino.docx
[2009/10/16 07:19:40 | 00,072,800 | ---- | C] () -- C:\Users\Owner\Documents\___1[1].pdf
[2009/10/13 11:34:37 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 11:34:26 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/10/13 11:34:25 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/10/13 11:34:24 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/10/13 11:34:23 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/10/13 11:34:23 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/10/13 11:34:00 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 11:33:56 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 11:33:53 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/13 11:33:52 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 11:33:52 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/13 11:33:52 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/13 11:33:52 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/13 11:33:51 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/13 11:33:51 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/13 11:33:50 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/13 11:33:50 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/13 11:33:50 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/13 11:33:50 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/13 11:33:50 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/13 11:33:50 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/13 11:33:50 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/13 11:33:50 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/13 11:33:50 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/13 11:33:50 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/13 11:32:54 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 11:32:52 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 11:32:23 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 07:45:29 | 00,001,754 | ---- | C] () -- C:\Users\Owner\Desktop\LimeWire 5.3.6.lnk
[2009/10/12 22:00:16 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum56.sav
[2009/10/12 20:29:45 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum55.sav
[2009/10/11 17:13:28 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum54.sav
[2009/10/11 17:06:27 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum53.sav
[2009/10/11 17:01:04 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum52.sav
[2009/10/11 15:25:29 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum51.sav
[2009/10/11 15:22:52 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum50.sav
[2009/10/11 14:50:50 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum49.sav
[2009/10/11 14:37:54 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum48.sav
[2009/10/11 14:36:37 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum47.sav
[2009/10/11 13:53:42 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum46.sav
[2009/10/11 13:48:42 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum45.sav
[2009/10/11 12:55:12 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum44.sav
[2009/10/11 12:14:59 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum43.sav
[2009/10/11 12:13:55 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum42.sav
[2009/10/11 11:31:40 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum41.sav
[2009/10/11 11:13:16 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum40.sav
[2009/10/10 23:29:31 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum39.sav
[2009/08/06 03:25:28 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/08/06 03:25:28 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/06 03:25:28 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/08/06 03:25:28 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/06/22 11:35:59 | 00,058,039 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/22 11:35:59 | 00,058,039 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/28 14:15:32 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/12/09 16:41:40 | 00,027,193 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheckdotnetfx30.txt
[2008/12/09 16:41:34 | 00,032,900 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3install.txt
[2008/12/09 16:41:34 | 00,001,578 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2008/12/09 16:41:34 | 00,000,604 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3error.txt
[2008/10/11 09:16:11 | 00,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/15 21:44:31 | 00,437,084 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI67DC.txt
[2008/09/15 21:44:31 | 00,011,364 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI67DC.txt
[2008/09/15 21:43:55 | 04,677,647 | ---- | C] () -- C:\Windows\SysWow64\kbpwprinc.dll
[2008/09/15 14:14:24 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/09/15 14:11:10 | 00,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/07/26 22:48:57 | 06,291,456 | -H-- | C] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2008/07/15 21:34:35 | 00,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2008/06/30 20:28:06 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2008/06/30 20:28:06 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2008/06/11 13:55:04 | 00,041,296 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2008/05/29 17:27:39 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/05/29 17:27:17 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/03/11 21:32:51 | 00,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2008/03/11 21:32:51 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2008/03/11 21:32:40 | 00,151,040 | -HS- | C] () -- C:\Windows\SysWow64\VistaUltm.dll
[2008/03/11 21:32:40 | 00,027,648 | -HS- | C] () -- C:\Windows\SysWow64\Smab0.dll
[2008/03/11 21:31:41 | 00,055,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 20:06:29 | 00,000,347 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/26 21:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007/11/22 12:24:57 | 00,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2007/11/21 21:54:54 | 00,621,228 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007/10/28 15:50:43 | 00,000,080 | ---- | C] () -- C:\Windows\CoD.ini
[2007/10/19 19:03:10 | 00,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/08/21 08:29:45 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2007/08/21 08:01:38 | 00,101,440 | ---- | C] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/21 08:01:16 | 00,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2004/02/11 15:14:06 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\ua_lsp.dll

========== Files - Unicode (All) ==========
[2008/10/04 21:54:37 | 00,000,000 | ---D | M](C:\Windows\SysWow64\?ppPatch) -- C:\Windows\SysWow64\АppPatch
[2008/10/04 20:42:40 | 00,000,000 | ---D | C](C:\Windows\SysWow64\?ppPatch) -- C:\Windows\SysWow64\АppPatch
[2008/10/06 20:51:11 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\??stem32) -- C:\Users\Owner\Documents\ѕуstem32
[2008/10/06 20:49:55 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\??stem32) -- C:\Users\Owner\Documents\ѕуstem32
[2008/10/08 19:56:26 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\?ystem) -- C:\Users\Owner\Documents\ѕystem
[2008/10/08 19:55:39 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\?ystem) -- C:\Users\Owner\Documents\ѕystem
[2008/10/01 20:22:42 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\?dobe) -- C:\Users\Owner\Documents\Αdobe
[2008/10/01 20:18:19 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\?dobe) -- C:\Users\Owner\Documents\Αdobe
[2008/10/07 20:54:16 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\?racle) -- C:\Users\Owner\AppData\Roaming\Οracle
[2008/10/02 20:42:16 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\S?mantec) -- C:\Users\Owner\AppData\Roaming\Sуmantec
[2008/09/30 19:42:59 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\F?nts) -- C:\Users\Owner\AppData\Roaming\Fοnts
[2008/09/30 19:41:37 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\A?pPatch) -- C:\Users\Owner\AppData\Roaming\AрpPatch
[2008/10/10 19:58:12 | 00,000,000 | ---D | M](C:\Program Files (x86)\?dobe) -- C:\Program Files (x86)\Αdobe
[2008/10/03 20:41:29 | 00,000,000 | ---D | M](C:\Program Files (x86)\s?curity) -- C:\Program Files (x86)\sеcurity
[2008/10/09 19:52:06 | 00,000,000 | ---D | M](C:\Program Files (x86)\Common Files\??stem) -- C:\Program Files (x86)\Common Files\ѕуstem
[2008/10/05 20:46:34 | 00,000,000 | ---D | M](C:\Program Files (x86)\Common Files\T?sks) -- C:\Program Files (x86)\Common Files\Tаsks
< End of report >



Extras.txt

OTL Extras logfile created on: 11/9/2009 9:28:37 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 41.95% Memory free
4.00 Gb Paging File | 3.01 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 53.43 Gb Free Space | 17.92% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" [2008/09/19 20:54:54 | 00,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" [2008/09/19 20:54:54 | 00,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = A5 EE 12 03 46 DB C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13952E25-FCAE-4A4A-9E5A-C288E50CA619}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3822B58E-6BA5-40DE-A277-06658FEBFAE4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{486EB171-F201-4847-81DE-3987E16C20BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6884704D-F7B6-4E81-925E-DEA86F702F20}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{69039E23-C9AF-48BE-9253-FAB4BF9EC5AC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6DFF7B76-EFFE-4235-BB33-2905AB21283F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9831DA9B-64D5-4335-929A-10BA560EC2E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A26DAC99-9297-405A-9D10-6C26B896B8AA}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C1AD6E18-D979-4826-AE34-B2C02E74C986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE75ABC6-1AC3-4720-A5DB-5778C89FA869}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E22A0797-219F-4172-87F1-B359FBD21A26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9BABBF4-10AC-416A-9026-9F3F47EC45D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A689C5-882F-4C49-9A51-9E382517330E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{0670F951-0DE1-47C4-B3FC-763D4F32C443}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{08E496B9-3B97-4A2A-BADF-833C71C0D8E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{096AB1F1-45C9-4ED6-BE3E-22F5FC1688D1}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe |
"{0C68C60E-F44C-4589-9ED4-77070EDA3C8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{1BE50ECA-7D35-475C-8681-7F0E8FB5870E}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{22D20B90-ABD3-450C-9DCC-23BE1B80F717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkest of days demo\darkestofdays.exe |
"{2338BB4E-B182-432B-A35E-6514B213F9CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{257CEA5E-4B3C-43FF-B59F-0DB82BF365E6}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{2AC1BD87-44EC-474D-BD54-93423A1BE58E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2spdemo\fear2spdemo.exe |
"{2AC792A6-E4F7-4D15-84AD-80421993C6EB}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{2BB9513B-929B-4C94-A257-A2ED23629C99}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{2BD6E6F2-9ED6-4513-824A-00DFBE08239A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's h.a.w.x - demo\hawx.exe |
"{2CF000B7-DD18-4FF6-9D63-79D600B564F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scdalauncher.exe |
"{2D23FBDA-9888-4E43-886F-FF7EAB01F3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe |
"{2F4F01DA-8259-464B-BFB4-F9C1D6BEBA47}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{320E0782-835A-46CE-982A-088EBF28B28A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{337A9FE1-6DDF-4EF8-8F0D-69A74E55F6FB}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\aawservice.exe |
"{36D2DC9C-FF33-49A9-845F-2829DF34E40B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{384E8216-7AB9-4AEC-9902-82A40885E38B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{395553B2-96BB-41B0-9074-24AFED55C9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psycholauncher.exe |
"{3FAE7C66-4155-4527-9EE3-F88C65C3C114}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
"{41DDCF6F-B8EF-49FF-ABB5-DEAFCF115255}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{45B3F55B-CCBC-444A-8E26-D538769DC807}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4847A910-BB0E-4655-A58A-5499B9F17F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{4EA6DC22-D63A-40A0-B836-856DF5CD44BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{517D4C12-CFEB-44B1-B1AF-3D5C480A2037}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{52703A03-DD2C-4FDC-A04B-99A2A80C325B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scdalauncher.exe |
"{53FFA702-8C8A-47DF-A17C-F559D3A02F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{59248C67-7F4B-44D2-ACCC-68E93E3E8157}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{5A0119BB-1562-458B-AB99-8C9AC6D10C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{5A90E79C-6506-4B2F-9645-DB92369F0F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{5F3DD389-0A09-4E2B-B842-3B0AA1FDBC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\aawservice.exe |
"{6087431B-D9BC-44B4-B079-2872B46C1DA0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{61A00C6C-228C-4CF3-B222-9F86F07E2256}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{664DDF57-4711-4DF9-8A53-BED9F39028CC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{68CDE129-3385-4A54-9CB6-F78CB16418A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6C55DA97-D0BA-4004-8AB1-559946BBDA7E}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{6E6E42E9-3EEC-4F92-9E00-EFE6715B0B25}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{72E42B3D-A7BB-42D2-9B20-9C83098AE0E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{753279CC-0962-43E3-927A-8B29D8AED429}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{76FF03FD-EFD1-445E-9C46-7023FA8C25DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{77D3BBA4-B099-4013-B0FE-4614C86E5617}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkest of days demo\darkestofdays.exe |
"{81FEB615-80E5-463C-909D-D91C5EC29A5B}" = protocol=17 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe |
"{83DCE82E-1C67-4025-B9CE-D4CEBE857E60}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{846D47A1-471F-477B-AB2B-81719E32CD8B}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{8F8F2717-8FC2-43B5-B25A-3E327D9B09FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite\sniperelite.exe |
"{8FC0A606-CE3E-4199-AA9B-F8537FA6A0A9}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{91EAA5A9-EFD5-46D4-957A-9FE789D0DBF1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{97E6C614-81CD-4480-93A3-E9B293AA5053}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\aawservice.exe |
"{9A432F9E-BE8E-486B-A1AC-8675A55622A1}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{9A81E2A6-EBD9-4512-B2D5-F4E32DDE564A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{9FB24E5D-6FC8-486D-8F4C-C9FDE14B9AB1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9FB4266D-9DE7-43F7-A5A7-485A28373E13}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A13C7257-0C2F-4BD4-BC83-A31E91E8A9E0}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{A22F5DF5-4C66-4B44-BEF1-47B9A0A7872F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AF16B417-353E-4208-88BD-C873152C4C32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{B4C3EE56-D3B1-4D78-8183-A9091943A73D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C41155D1-2425-4B95-9C03-8F43714579F2}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{C92F4FD0-2801-4B52-89F9-6CA735980317}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{CA2CD60E-510A-4739-B767-BA775D2F85EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D09D73C6-5589-4EA9-AAED-B8D7A92120A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3 demo\doom3.exe |
"{D3D801C0-6175-4B49-B339-340D3D1ECC0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{D3ED386E-0E91-4B1C-8B8A-DB853291A2A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D5C31ED3-CD4A-4CC1-A3AE-A4AD85E04279}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{D5F5B526-FD25-4F1E-A683-9F255D7C7FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2spdemo\fear2spdemo.exe |
"{DE4E186A-BC5B-4F88-A0E5-BBF7360F67EE}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{EA36671E-D555-4633-B5EC-0B2459ED8DD3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{EB5423B1-CFDD-4E88-8DB1-06FB17035E5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F1B0744C-EF78-49AA-AA66-C06AD7368860}" = protocol=17 | dir=in | app=c:\program files (x86)\midway home entertainment\stranglehold\binaries\retail-stranglehold.exe |
"{F245E8F9-8444-401E-BEC4-DCD231F85983}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{F47C85F8-F017-4FAA-801A-102F99A4BA63}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{F7764A29-0E77-4353-BEC8-0C20D7BE182F}" = protocol=6 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe |
"{F851783C-53BA-4CE5-A2BD-12F9139A386C}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\aawservice.exe |
"{F90DEAC8-0CC3-44A0-A909-C784C7947F13}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FBB1E6D7-4FC1-4A2B-B2AE-73BFD833C8B1}" = protocol=6 | dir=in | app=c:\program files (x86)\midway home entertainment\stranglehold\binaries\retail-stranglehold.exe |
"{FC54508D-6F2A-4FBC-AAF3-A393239C0FB7}" = protocol=6 | dir=out | app=system |
"{FEDE968E-22CD-4598-98B4-5CD03AF41E41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3 demo\doom3.exe |
"{FF49199E-7ECD-43B4-9C07-1B89ACA11C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe |
"{FFFE0934-949E-47B2-AC7A-6C807901F121}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's h.a.w.x - demo\hawx.exe |
"TCP Query User{01CE2FEB-C939-4672-AB98-CF3FCD0EC6D9}C:\program files\battlefield 2 demo\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\battlefield 2 demo\bf2_w32ded.exe |
"TCP Query User{0F83BEFC-13FF-4494-AA37-120E646E8E02}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{25797E80-CD52-4C51-8981-C7EC6888AE83}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{40235BF7-12E0-428C-AE9C-DC11D22EF4C4}C:\program files (x86)\gore special edition\gore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gore special edition\gore.exe |
"TCP Query User{679347CF-623D-4BE5-B216-6CB874A2946E}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{8AEDB87F-E7CE-43E2-8E9B-36E871C50193}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{A87B96DE-3321-4881-B467-3F45962FE21E}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{AB6B4E71-09A7-4E39-91BF-FC0E50E811F5}C:\program files (x86)\ea games\battlefield 2 demo\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe |
"TCP Query User{BD2D1B2A-85B8-4DD7-8C40-8701FE4A706A}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{C5EB018D-D2C9-4D6D-B12C-425E7F355D16}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{C64356C8-C610-46ED-921C-1E58C89D2625}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{E660DDC4-32E7-4186-99D5-8AE5B737421F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F1FA1F79-975C-4365-9D15-F90B9E59CD77}C:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{04C0E763-FF23-440D-80D3-15ED6538F0D3}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{0BE528CF-D259-49D1-BA89-CB789457792D}C:\program files (x86)\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{1D2628E4-BD2D-40E7-8255-857E12636A27}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{1DACCD56-EE18-4D58-9C16-B67F92BC17A3}C:\program files\battlefield 2 demo\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\battlefield 2 demo\bf2_w32ded.exe |
"UDP Query User{490ADAA9-9E8B-46AE-AA93-A028095A5388}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{547C1641-4C2F-4C02-A442-81391A1BE613}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{5E7D37DE-5E90-4BD4-8CC4-0D0CCAE550AA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{7B904F8D-D4DE-4122-9C86-EEBB092217E1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7DABB7EC-4DC5-44C2-A30E-A85B4B9942BE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{8AE23358-2570-4A45-A576-8B929FC03F29}C:\program files (x86)\ea games\battlefield 2 demo\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe |
"UDP Query User{ABA221B9-5CA7-43A5-BD30-92C042CC3D56}C:\program files (x86)\gore special edition\gore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gore special edition\gore.exe |
"UDP Query User{B7F2FC38-16EA-4BBA-A4C5-B52FDBD118C1}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{CCAA2558-F8E1-4A31-BF56-7AF3C08A5394}C:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2158685C-E2B3-4026-B0A1-0FFE31837AFD}" = PlayLinc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FAAECD0-1929-11DA-6784-006853A418BE}" = LoveChess Age Of Egypt
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8421F058-CB2D-4BCE-B487-4A559DE70173}" = Second Sight
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Aplus DVD Ripper_is1" = Aplus DVD Ripper 8.79
"Avernum2Demo" = Avernum 2
"AvernumDemo" = Avernum Demo
"BChanger" = BChanger
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Crysis WARHEAD®" = Crysis WARHEAD®
"Frets on Fire" = Frets On Fire
"GameSpotDownloadManager" = GameSpot Download Manager
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InterActual Player" = InterActual Player
"IObit Security 360_is1" = IObit Security 360
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"OpenAL" = OpenAL
"Principles of Physics Online 2" = Principles of Physics Online
"Product_Name" = Avernum 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Rankosaurus" = Rankosaurus Screen Grabber
"Steam App 13140" = America's Army 3
"Steam App 13580" = Splinter Cell: Double Agent
"Steam App 15100" = Assassin's Creed
"Steam App 16420" = F.E.A.R. 2: Project Origin Single-player Demo
"Steam App 19900" = Far Cry 2
"Steam App 21930" = Tom Clancy's H.A.W.X - Demo
"Steam App 220" = Half-Life 2
"Steam App 22300" = Fallout 3
"Steam App 3700" = Sniper Elite
"Steam App 37710" = Darkest of Days Demo
"Steam App 3830" = Psychonauts
"Steam App 4500" = STALKER: Shadow of Chernobyl
"Steam App 9100" = Doom 3 Demo
"SUPER " = SUPER Version 2008.bld.25 (Feb 5, 2008)
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Uninstaller_B5FED000_Kinetic Books Licensing" = Kinetic Books Licensing (Shared Components)
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinFF_is1" = WinFF 0.42
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.1.1
"Xfire" = Xfire (remove only)
"YASA MP4 Video Converter v3.2 (build 0051)" = YASA MP4 Video Converter v3.2 (build 0051)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 10 November 2009 - 07:20 AM

Hi,

could you please run Malwarebytes again and post the log, so that I can see what it is finding:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

I changed my nick today from _temp_ to myrti. I hope this won't cause too much confusion.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 xer 21


Posted 10 November 2009 - 02:29 PM

I will do that as soon as I get home. Right now I have my internet disconnected on that computer to prevent anything else from happening, but I will reconnect it and download a fresh copy.

#6 xer 21


Posted 10 November 2009 - 09:39 PM

Here is the Malwarebytes log. It's also telling me a couple things can't be removed until I restart my computer.


Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 6.0.6001 Service Pack 1

11/10/2009 4:38:40 PM
mbam-log-2009-11-10 (16-38-40).txt

Scan type: Quick Scan
Objects scanned: 88018
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\calc.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\calc.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Owner\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

#7 myrti


Posted 11 November 2009 - 06:24 AM

Hi,

that looks good. Please reboot your PC and post me a new OTL log (only otl.txt will be created), so that I can see what gets recreated.

regards myrti



#8 xer 21


Posted 11 November 2009 - 08:03 PM

OTL logfile created on: 11/11/2009 3:01:02 PM - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.18% Memory free
4.00 Gb Paging File | 3.54 Gb Available in Paging File | 88.42% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 54.07 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/11 01:56:04 | 00,215,104 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/11/11 01:56:04 | 00,215,104 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/11/09 21:27:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/11/06 10:40:10 | 01,242,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2009/11/06 10:40:08 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
PRC - [2009/07/27 14:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/04/05 18:40:20 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/04/04 22:16:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Steam\steam
PRC - [2009/04/04 22:16:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Steam\steam
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/10 07:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/02/19 10:26:52 | 00,876,544 | ---- | M] (CNET Networks, Inc.) -- C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [1999/12/12 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTsvcCDA.exe


========== Modules (SafeList) ==========

MOD - [2009/11/09 21:27:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/08/26 19:22:28 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009/07/17 04:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/02/12 22:47:47 | 00,026,112 | ---- | M] (Microsoft) -- C:\Users\Owner\ntuser.dll
MOD - [2008/04/09 05:18:14 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/01/18 21:37:12 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/18 21:36:48 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/18 21:36:48 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/18 21:36:34 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/18 21:33:45 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/18 21:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/01 22:33:06 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/04/29 18:59:06 | 06,462,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/04/29 18:58:54 | 00,287,648 | ---- | M] () -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2008/01/18 22:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/18 22:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/11/11 01:56:04 | 00,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/11/06 10:40:08 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe -- (IS360service)
SRV - [2009/10/28 15:41:22 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/05 18:40:20 | 00,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/14 19:47:05 | 00,138,168 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/11 09:09:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/09/15 21:44:27 | 00,079,360 | ---- | M] (Kinetic Books) -- C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe -- (Kinetic Books License Service)
SRV - [2008/08/25 14:26:18 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/27 08:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 08:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/06/19 15:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 15:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/01/18 22:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2008/01/18 22:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 05:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 03:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 20:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 20:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 16:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 11:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/04/01 15:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [1999/12/12 07:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTsvcCDA.exe -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/12 09:07:49 | 00,314,016 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/09/12 09:07:49 | 00,043,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/01/25 17:09:41 | 00,818,424 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/06/19 17:24:32 | 00,033,792 | ---- | M] () -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2008/01/18 20:47:12 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/18 20:33:58 | 00,098,816 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio)
DRV:64bit: - [2006/11/01 19:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/09 16:09:03 | 00,742,696 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2008/06/12 20:48:20 | 00,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2008/01/17 12:38:47 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/09/18 11:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
IE - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\S-1-5-21-1962972053-3060331264-1401746588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 03:00:57 | 00,000,000 | ---D | M]

[2009/04/13 21:06:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/04/13 21:06:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (297277 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10269 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [calc] C:\Windows\SysWow64\calc.DLL (Microsoft)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [calc] C:\Users\Owner\ntuser.DLL (Microsoft)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [VnrBlock21] C:\Program Files (x86)\VnrBlock\VnrBlock21.exe File not found
O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameSpot Download Manager.lnk = C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe (CNET Networks, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\ua_lsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\ua_lsp.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/11 16:27:33 | 00,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- [2007/03/22 13:57:09 | 00,051,336 | R--- | M] ()
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- [2007/05/31 17:23:56 | 00,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c37f379c-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{c37f37a1-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (s\Cu) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/10 16:24:55 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
[2009/11/09 21:27:58 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/04 15:08:07 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2009/11/04 15:08:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/04 07:12:21 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/04 07:12:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/02 21:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/30 14:15:20 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/10/30 14:15:20 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/10/30 14:15:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2009/10/28 19:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/28 19:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/27 14:07:22 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/27 14:07:19 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/27 14:07:15 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2009/10/13 11:34:25 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/10/13 11:34:25 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/10/13 11:34:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/10/13 11:34:23 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/10/13 11:34:22 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/10/13 11:34:00 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/13 11:33:55 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/13 11:33:54 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/13 11:33:53 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/13 11:33:53 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/13 11:33:52 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/13 11:33:52 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/13 11:33:51 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/13 11:33:51 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/13 11:33:51 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/13 11:33:50 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/13 11:33:50 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/13 11:33:50 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/13 11:33:50 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/13 11:33:50 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/13 11:33:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/13 11:33:50 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/13 11:33:50 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/13 11:33:50 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/13 11:32:54 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/13 11:32:23 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/11 15:01:09 | 06,029,312 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2009/11/11 14:59:41 | 00,643,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/11 14:59:41 | 00,354,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/11 14:59:41 | 00,287,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/11 14:53:30 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/11 14:53:30 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/11 14:53:29 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/11 14:53:29 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/11 14:53:25 | 00,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2009/11/11 14:53:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/11 14:53:14 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 14:53:14 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 14:53:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/11 14:53:05 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/11 14:51:53 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/11 14:51:53 | 00,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/11 14:51:30 | 02,689,761 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2009/11/11 01:56:04 | 00,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/11/11 01:56:04 | 00,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/11/10 16:25:46 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/10 16:24:55 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
[2009/11/09 21:27:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/06 14:53:46 | 00,000,903 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/02 21:02:51 | 00,001,928 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/11/01 03:38:58 | 00,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/11/01 03:38:54 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/10/28 20:54:42 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\video.avs
[2009/10/26 19:07:19 | 00,000,857 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/26 19:07:19 | 00,000,855 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/24 21:04:59 | 00,148,425 | ---- | M] () -- C:\Users\Owner\Documents\Doc1.docx
[2009/10/24 15:30:17 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum85.sav
[2009/10/24 15:12:54 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum84.sav
[2009/10/24 15:08:13 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum83.sav
[2009/10/24 14:39:27 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum82.sav
[2009/10/24 14:28:47 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum81.sav
[2009/10/24 14:26:51 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum80.sav
[2009/10/24 14:24:04 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum79.sav
[2009/10/24 11:31:39 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum78.sav
[2009/10/24 11:16:52 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum77.sav
[2009/10/24 10:46:39 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum76.sav
[2009/10/21 23:59:08 | 00,010,075 | ---- | M] () -- C:\Users\Owner\Documents\xer 21.docx
[2009/10/21 17:06:37 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum75.sav
[2009/10/21 16:57:31 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum74.sav
[2009/10/21 16:36:29 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum73.sav
[2009/10/21 16:30:41 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum72.sav
[2009/10/21 16:14:52 | 09,236,480 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 12:36:56 | 01,638,912 | ---- | M] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 00:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/20 22:44:02 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum71.sav
[2009/10/20 22:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/20 22:04:59 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum70.sav
[2009/10/20 21:59:31 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum69.sav
[2009/10/20 21:56:28 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum68.sav
[2009/10/20 21:52:05 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum67.sav
[2009/10/19 22:03:02 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum66.sav
[2009/10/19 21:55:13 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum65.sav
[2009/10/19 21:52:59 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum64.sav
[2009/10/19 21:35:42 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum63.sav
[2009/10/19 21:32:03 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum62.sav
[2009/10/17 23:00:13 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum61.sav
[2009/10/17 22:19:23 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum60.sav
[2009/10/17 22:16:27 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum59.sav
[2009/10/17 21:59:50 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum58.sav
[2009/10/17 21:49:01 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum57.sav
[2009/10/17 21:44:29 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum56.sav
[2009/10/17 18:50:21 | 00,010,407 | ---- | M] () -- C:\Users\Owner\Documents\Blake Tolentino.docx
[2009/10/16 07:19:40 | 00,072,800 | ---- | M] () -- C:\Users\Owner\Documents\___1[1].pdf
[2009/10/13 07:45:29 | 00,001,754 | ---- | M] () -- C:\Users\Owner\Desktop\LimeWire 5.3.6.lnk
[2009/10/12 21:59:36 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum55.sav
[2009/10/12 20:28:17 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum54.sav
[2009/10/12 15:27:48 | 00,055,296 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/04 15:08:04 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 15:08:01 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/04 07:12:20 | 09,236,480 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/11/04 07:12:19 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/11/02 21:02:51 | 00,001,928 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2009/10/30 14:15:24 | 00,000,903 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/10/27 14:07:23 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/27 14:07:22 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/27 14:07:15 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/10/26 19:07:19 | 00,000,857 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/26 19:07:19 | 00,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/24 21:04:59 | 00,148,425 | ---- | C] () -- C:\Users\Owner\Documents\Doc1.docx
[2009/10/24 15:14:36 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum85.sav
[2009/10/24 15:08:17 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum84.sav
[2009/10/24 14:39:51 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum83.sav
[2009/10/24 14:28:59 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum82.sav
[2009/10/24 14:27:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum81.sav
[2009/10/24 14:24:10 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum80.sav
[2009/10/24 11:32:25 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum79.sav
[2009/10/24 11:18:20 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum78.sav
[2009/10/24 10:56:49 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum77.sav
[2009/10/21 23:59:04 | 00,010,075 | ---- | C] () -- C:\Users\Owner\Documents\xer 21.docx
[2009/10/21 17:10:07 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum76.sav
[2009/10/21 17:02:01 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum75.sav
[2009/10/21 16:37:05 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum74.sav
[2009/10/21 16:33:50 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum73.sav
[2009/10/20 22:44:42 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum72.sav
[2009/10/20 22:05:03 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum71.sav
[2009/10/20 21:59:56 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum70.sav
[2009/10/20 21:56:32 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum69.sav
[2009/10/20 21:52:28 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum68.sav
[2009/10/19 22:03:08 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum67.sav
[2009/10/19 21:56:35 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum66.sav
[2009/10/19 21:53:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum65.sav
[2009/10/19 21:35:47 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum64.sav
[2009/10/19 21:32:08 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum63.sav
[2009/10/17 22:59:36 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum62.sav
[2009/10/17 22:20:16 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum61.sav
[2009/10/17 22:16:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum60.sav
[2009/10/17 22:00:11 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum59.sav
[2009/10/17 21:49:39 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum58.sav
[2009/10/17 21:44:36 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum57.sav
[2009/10/17 18:50:20 | 00,010,407 | ---- | C] () -- C:\Users\Owner\Documents\Blake Tolentino.docx
[2009/10/16 07:19:40 | 00,072,800 | ---- | C] () -- C:\Users\Owner\Documents\___1[1].pdf
[2009/10/13 11:34:37 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/13 11:34:26 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/10/13 11:34:25 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/10/13 11:34:24 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/10/13 11:34:23 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/10/13 11:34:23 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/10/13 11:34:00 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/13 11:33:56 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/13 11:33:53 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/13 11:33:52 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/13 11:33:52 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/13 11:33:52 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/13 11:33:52 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/13 11:33:51 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/13 11:33:51 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/13 11:33:50 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/13 11:33:50 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/13 11:33:50 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/13 11:33:50 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/13 11:33:50 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/13 11:33:50 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/13 11:33:50 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/13 11:33:50 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/13 11:33:50 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/13 11:33:50 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/13 11:32:54 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/13 11:32:52 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/13 11:32:23 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/13 07:45:29 | 00,001,754 | ---- | C] () -- C:\Users\Owner\Desktop\LimeWire 5.3.6.lnk
[2009/10/12 22:00:16 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum56.sav
[2009/10/12 20:29:45 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum55.sav
[2009/08/06 03:25:28 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/08/06 03:25:28 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/06 03:25:28 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/08/06 03:25:28 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/06/22 11:35:59 | 00,058,039 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/22 11:35:59 | 00,058,039 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/28 14:15:32 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/12/09 16:41:40 | 00,027,193 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheckdotnetfx30.txt
[2008/12/09 16:41:34 | 00,032,900 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3install.txt
[2008/12/09 16:41:34 | 00,001,578 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2008/12/09 16:41:34 | 00,000,604 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3error.txt
[2008/10/11 09:16:11 | 00,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/15 21:44:31 | 00,437,084 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI67DC.txt
[2008/09/15 21:44:31 | 00,011,364 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI67DC.txt
[2008/09/15 21:43:55 | 04,677,647 | ---- | C] () -- C:\Windows\SysWow64\kbpwprinc.dll
[2008/09/15 14:14:24 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/09/15 14:11:10 | 00,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/07/26 22:48:57 | 02,689,761 | -H-- | C] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2008/07/15 21:34:35 | 00,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2008/06/30 20:28:06 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2008/06/30 20:28:06 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2008/06/11 13:55:04 | 00,041,296 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2008/05/29 17:27:39 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/05/29 17:27:17 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/03/11 21:32:51 | 00,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2008/03/11 21:32:51 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2008/03/11 21:32:40 | 00,151,040 | -HS- | C] () -- C:\Windows\SysWow64\VistaUltm.dll
[2008/03/11 21:32:40 | 00,027,648 | -HS- | C] () -- C:\Windows\SysWow64\Smab0.dll
[2008/03/11 21:31:41 | 00,055,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 20:06:29 | 00,000,347 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/26 21:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007/11/22 12:24:57 | 00,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2007/11/21 21:54:54 | 00,621,228 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007/10/28 15:50:43 | 00,000,080 | ---- | C] () -- C:\Windows\CoD.ini
[2007/10/19 19:03:10 | 00,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/08/21 08:29:45 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2007/08/21 08:01:38 | 00,101,440 | ---- | C] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/21 08:01:16 | 00,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2004/02/11 15:14:06 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\ua_lsp.dll

========== Files - Unicode (All) ==========
[2008/10/04 21:54:37 | 00,000,000 | ---D | M](C:\Windows\SysWow64\?ppPatch) -- C:\Windows\SysWow64\АppPatch
[2008/10/04 20:42:40 | 00,000,000 | ---D | C](C:\Windows\SysWow64\?ppPatch) -- C:\Windows\SysWow64\АppPatch
[2008/10/06 20:51:11 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\??stem32) -- C:\Users\Owner\Documents\ѕуstem32
[2008/10/06 20:49:55 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\??stem32) -- C:\Users\Owner\Documents\ѕуstem32
[2008/10/08 19:56:26 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\?ystem) -- C:\Users\Owner\Documents\ѕystem
[2008/10/08 19:55:39 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\?ystem) -- C:\Users\Owner\Documents\ѕystem
[2008/10/01 20:22:42 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\?dobe) -- C:\Users\Owner\Documents\Αdobe
[2008/10/01 20:18:19 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\?dobe) -- C:\Users\Owner\Documents\Αdobe
[2008/10/07 20:54:16 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\?racle) -- C:\Users\Owner\AppData\Roaming\Οracle
[2008/10/02 20:42:16 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\S?mantec) -- C:\Users\Owner\AppData\Roaming\Sуmantec
[2008/09/30 19:42:59 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\F?nts) -- C:\Users\Owner\AppData\Roaming\Fοnts
[2008/09/30 19:41:37 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\A?pPatch) -- C:\Users\Owner\AppData\Roaming\AрpPatch
[2008/10/10 19:58:12 | 00,000,000 | ---D | M](C:\Program Files (x86)\?dobe) -- C:\Program Files (x86)\Αdobe
[2008/10/03 20:41:29 | 00,000,000 | ---D | M](C:\Program Files (x86)\s?curity) -- C:\Program Files (x86)\sеcurity
[2008/10/09 19:52:06 | 00,000,000 | ---D | M](C:\Program Files (x86)\Common Files\??stem) -- C:\Program Files (x86)\Common Files\ѕуstem
[2008/10/05 20:46:34 | 00,000,000 | ---D | M](C:\Program Files (x86)\Common Files\T?sks) -- C:\Program Files (x86)\Common Files\Tаsks
< End of report >
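Added example (not part of the thread and not OTL's own code): the "Files - Unicode (All)" section above lists folders whose names mix Latin letters with characters OTL's ANSI column can only show as "?". The Python sketch below parses lines in that layout and reports path components that mix scripts, along with the ASCII name each one resembles. The sample lines are constructed in the log's format with the code points assumed, the last line is a made-up control, and the small look-alike table is an assumption, not a full confusables list.

```python
import re
import unicodedata

# One OTL file-listing line: [timestamp | size | attrs | C/M](ANSI path) -- Unicode path
LINE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"\((?P<ansi>.*)\) -- (?P<path>.+)$"
)

# Assumption: a short hand-picked table of Cyrillic/Greek letters that render
# like Latin ones. It is only used to show which ASCII name is being imitated.
CONFUSABLES = str.maketrans({
    "\u0410": "A", "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0443": "y", "\u0455": "s",
    "\u0391": "A", "\u039f": "O", "\u03bf": "o",
})

# Constructed sample in the layout of the "Files - Unicode (All)" section.
# Non-ASCII characters are written as escapes so they are visible in source.
SAMPLE_LOG = "\n".join([
    "[2008/10/04 21:54:37 | 00,000,000 | ---D | M](C:\\Windows\\SysWow64\\?ppPatch)"
    " -- C:\\Windows\\SysWow64\\\u0410ppPatch",
    "[2008/10/06 20:51:11 | 00,000,000 | ---D | M](C:\\Users\\Owner\\Documents\\??stem32)"
    " -- C:\\Users\\Owner\\Documents\\\u0455\u0443stem32",
    "[2008/10/10 19:58:12 | 00,000,000 | ---D | M](C:\\Program Files (x86)\\?dobe)"
    " -- C:\\Program Files (x86)\\\u0391dobe",
    # Control line (made up): a folder named entirely in one non-Latin script.
    "[2008/10/11 09:00:00 | 00,000,000 | ---D | M](C:\\Users\\Owner\\?????????)"
    " -- C:\\Users\\Owner\\\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b",
])


def scripts(component):
    """Return the set of scripts used by the letters of one path component.

    The script is taken from the first word of the Unicode character name
    (LATIN, CYRILLIC, GREEK, ...), which is enough for this check.
    """
    found = set()
    for ch in component:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0])
    return found


def scan(log_text):
    """Flag path components whose letters come from more than one script."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other report sections
        for component in m.group("path").split("\\"):
            used = scripts(component)
            if len(used) > 1:
                findings.append({
                    "path": m.group("path"),
                    "component": component,
                    "scripts": sorted(used),
                    "non_ascii": [
                        ("U+%04X" % ord(c), unicodedata.name(c, "UNKNOWN"))
                        for c in component if ord(c) > 127
                    ],
                    "imitates": component.translate(CONFUSABLES),
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["path"].encode("unicode_escape").decode("ascii"))
        print("  scripts :", ", ".join(f["scripts"]))
        print("  imitates:", f["imitates"])
        for code, name in f["non_ascii"]:
            print("  ", code, name)
```

A name written wholly in one script, like the control line, is not flagged; only a single path component that mixes scripts is.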

#9 xer 21

Posted 11 November 2009 - 11:58 PM

Update on the situation: the browser hijacker is redirecting using a new URL. It is huytebesy4ko.net.

#10 myrti

Posted 12 November 2009 - 08:21 AM

Hi,

Let's try the following fix. It could be that Malwarebytes is missing a file which brings the infections back:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    MOD - [2009/02/12 22:47:47 | 00,026,112 | ---- | M] (Microsoft) -- C:\Users\Owner\ntuser.dll
    O4 - HKLM..\Run: [calc] C:\Windows\SysWow64\calc.DLL (Microsoft)
    O4 - HKU\S-1-5-21-1962972053-3060331264-1401746588-1000..\Run: [calc] C:\Users\Owner\ntuser.DLL (Microsoft)
    :files
    C:\Windows\System32\calc.dll
    C:\Users\Owner\ntuser.dll
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll 
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk 
    C:\Users\Owner\AppData\Local\Temp\nsrbgxod.bak
    C:\users\owner\appdata\local\temp\rundll32.exe
    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Could you please check if you can still boot into safe mode. Don't use MSCONFIG for it; instead reboot and press F8 at boot.

regards myrti


#11 xer 21

Posted 12 November 2009 - 11:48 PM

Ran the custom fix. Got an error message when it started emptying the temp folders saying "range find error" or something and I clicked OK (the only option available) and now the program seems to have stalled. Hasn't changed in 20 minutes but still says "emptying temp folders. Do not interrupt."

#12 xer 21

Posted 12 November 2009 - 11:55 PM

OK, I realized the scan was just paused, so it finished and rebooted my system. Here is the log.


All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[reboot]> in the current context!

OTL by OldTimer - Version 3.1.4.0 log created on 11122009_184843

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\nsrbgxod.bak moved successfully.

Registry entries deleted on Reboot...

#13 xer 21

Posted 13 November 2009 - 12:02 AM

OK, ran the scan again. However, the file was saved under OTL.Txt, not OTListIt.Txt. Hoping I did it right.


OTL logfile created on: 11/12/2009 6:56:41 PM - Run 4
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.27% Memory free
4.00 Gb Paging File | 3.54 Gb Available in Paging File | 88.50% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 60.54 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe (CNET Networks, Inc.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wininet.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IS360service) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (aawservice) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Kinetic Books License Service) -- C:\Program Files (x86)\Common Files\Kinetic Books Shared\Service\KineticBooksLicenseService.exe (Kinetic Books)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 03:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (StarWindService) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (usbaudio) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys ()
DRV - (secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sportshawaii.com/sh/index.php
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 03:00:57 | 00,000,000 | ---D | M]

[2009/04/13 21:06:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/04/13 21:06:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (297277 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10269 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [calc] C:\Windows\SysWow64\calc.DLL ()
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [calc] C:\Users\Owner\ntuser.DLL ()
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [VnrBlock21] C:\Program Files (x86)\VnrBlock\VnrBlock21.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameSpot Download Manager.lnk = C:\Users\Owner\GameSpot\GameSpotDownloadManager_Win32.exe (CNET Networks, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK = C:\Program Files (x86)\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.dll ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk = C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\ua_lsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\ua_lsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\ua_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\ua_lsp.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/11 16:27:33 | 00,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2007/03/22 13:57:09 | 00,051,336 | R--- | M] ()
O33 - MountPoints2\{87d52397-500f-11dc-ac22-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\DXSETUP.exe -- [2007/05/31 17:23:56 | 00,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{c37f379c-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{c37f37a1-5a0b-11de-9a43-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (s\Cu) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/12 18:36:11 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/11 16:17:36 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/11/10 16:24:55 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
[2009/11/09 21:27:58 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/04 15:08:07 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2009/11/04 15:08:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/04 15:08:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/04 07:12:21 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/04 07:12:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/02 21:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/10/30 14:15:20 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/10/30 14:15:20 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009/10/30 14:15:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2009/10/28 19:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/28 19:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/27 14:07:22 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/27 14:07:19 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/27 14:07:15 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/26 19:07:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan

========== Files - Modified Within 30 Days ==========

[2009/11/12 18:56:32 | 00,643,090 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/12 18:56:32 | 00,354,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/12 18:56:32 | 00,287,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/12 18:56:26 | 06,029,312 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2009/11/12 18:50:38 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/12 18:50:38 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/12 18:50:37 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/12 18:50:37 | 00,058,039 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/12 18:50:23 | 00,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2009/11/12 18:50:14 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 18:50:14 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 18:50:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/12 18:50:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/12 18:49:57 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/12 18:48:56 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/12 18:48:56 | 00,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/12 18:48:53 | 02,694,426 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2009/11/12 18:36:35 | 00,000,815 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2009/11/12 03:25:08 | 00,372,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/11 21:12:36 | 00,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009/11/11 21:12:36 | 00,215,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/11/10 16:25:46 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/10 16:24:55 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
[2009/11/09 21:27:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/06 14:53:46 | 00,000,903 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/11/02 21:02:51 | 00,001,928 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/11/01 03:38:58 | 00,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/11/01 03:38:54 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/10/28 20:54:42 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\video.avs
[2009/10/26 19:07:19 | 00,000,857 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/26 19:07:19 | 00,000,855 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/24 21:04:59 | 00,148,425 | ---- | M] () -- C:\Users\Owner\Documents\Doc1.docx
[2009/10/24 15:30:17 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum85.sav
[2009/10/24 15:12:54 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum84.sav
[2009/10/24 15:08:13 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum83.sav
[2009/10/24 14:39:27 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum82.sav
[2009/10/24 14:28:47 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum81.sav
[2009/10/24 14:26:51 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum80.sav
[2009/10/24 14:24:04 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum79.sav
[2009/10/24 11:31:39 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum78.sav
[2009/10/24 11:16:52 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum77.sav
[2009/10/24 10:46:39 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum76.sav
[2009/10/21 23:59:08 | 00,010,075 | ---- | M] () -- C:\Users\Owner\Documents\xer 21.docx
[2009/10/21 17:06:37 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum75.sav
[2009/10/21 16:57:31 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum74.sav
[2009/10/21 16:36:29 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum73.sav
[2009/10/21 16:30:41 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum72.sav
[2009/10/21 16:14:52 | 09,236,480 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 12:36:56 | 01,638,912 | ---- | M] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 00:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/20 22:44:02 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum71.sav
[2009/10/20 22:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/20 22:04:59 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum70.sav
[2009/10/20 21:59:31 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum69.sav
[2009/10/20 21:56:28 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum68.sav
[2009/10/20 21:52:05 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum67.sav
[2009/10/19 22:03:02 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum66.sav
[2009/10/19 21:55:13 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum65.sav
[2009/10/19 21:52:59 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum64.sav
[2009/10/19 21:35:42 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum63.sav
[2009/10/19 21:32:03 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum62.sav
[2009/10/17 23:00:13 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum61.sav
[2009/10/17 22:19:23 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum60.sav
[2009/10/17 22:16:27 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum59.sav
[2009/10/17 21:59:50 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum58.sav
[2009/10/17 21:49:01 | 00,962,532 | ---- | M] () -- C:\Users\Owner\Documents\avernum57.sav
[2009/10/17 21:44:29 | 00,916,282 | ---- | M] () -- C:\Users\Owner\Documents\avernum56.sav
[2009/10/17 18:50:21 | 00,010,407 | ---- | M] () -- C:\Users\Owner\Documents\Blake Tolentino.docx
[2009/10/16 07:19:40 | 00,072,800 | ---- | M] () -- C:\Users\Owner\Documents\___1[1].pdf

========== Files Created - No Company Name ==========

[2009/11/11 16:17:36 | 00,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2009/11/11 16:17:34 | 02,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/11/04 15:08:04 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 15:08:01 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/04 07:12:20 | 09,236,480 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/11/04 07:12:19 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/11/02 21:02:51 | 00,001,928 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2009/10/30 14:15:24 | 00,000,903 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2009/10/27 14:07:23 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/27 14:07:22 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/27 14:07:15 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/10/26 19:07:19 | 00,000,857 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan.lnk
[2009/10/26 19:07:19 | 00,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/24 21:04:59 | 00,148,425 | ---- | C] () -- C:\Users\Owner\Documents\Doc1.docx
[2009/10/24 15:14:36 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum85.sav
[2009/10/24 15:08:17 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum84.sav
[2009/10/24 14:39:51 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum83.sav
[2009/10/24 14:28:59 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum82.sav
[2009/10/24 14:27:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum81.sav
[2009/10/24 14:24:10 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum80.sav
[2009/10/24 11:32:25 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum79.sav
[2009/10/24 11:18:20 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum78.sav
[2009/10/24 10:56:49 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum77.sav
[2009/10/21 23:59:04 | 00,010,075 | ---- | C] () -- C:\Users\Owner\Documents\xer 21.docx
[2009/10/21 17:10:07 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum76.sav
[2009/10/21 17:02:01 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum75.sav
[2009/10/21 16:37:05 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum74.sav
[2009/10/21 16:33:50 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum73.sav
[2009/10/20 22:44:42 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum72.sav
[2009/10/20 22:05:03 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum71.sav
[2009/10/20 21:59:56 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum70.sav
[2009/10/20 21:56:32 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum69.sav
[2009/10/20 21:52:28 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum68.sav
[2009/10/19 22:03:08 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum67.sav
[2009/10/19 21:56:35 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum66.sav
[2009/10/19 21:53:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum65.sav
[2009/10/19 21:35:47 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum64.sav
[2009/10/19 21:32:08 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum63.sav
[2009/10/17 22:59:36 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum62.sav
[2009/10/17 22:20:16 | 00,916,282 | ---- | C] () -- C:\Users\Owner\Documents\avernum61.sav
[2009/10/17 22:16:34 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum60.sav
[2009/10/17 22:00:11 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum59.sav
[2009/10/17 21:49:39 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum58.sav
[2009/10/17 21:44:36 | 00,962,532 | ---- | C] () -- C:\Users\Owner\Documents\avernum57.sav
[2009/10/17 18:50:20 | 00,010,407 | ---- | C] () -- C:\Users\Owner\Documents\Blake Tolentino.docx
[2009/10/16 07:19:40 | 00,072,800 | ---- | C] () -- C:\Users\Owner\Documents\___1[1].pdf
[2009/08/06 03:25:28 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/08/06 03:25:28 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/06 03:25:28 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/08/06 03:25:28 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/06/22 11:35:59 | 00,058,039 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/22 11:35:59 | 00,058,039 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/14 23:30:06 | 00,000,000 | -HS- | C] () -- C:\Windows\SysWow64\calc.dll
[2009/02/28 14:15:32 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/12/09 16:41:40 | 00,027,193 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheckdotnetfx30.txt
[2008/12/09 16:41:34 | 00,032,900 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3install.txt
[2008/12/09 16:41:34 | 00,001,578 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2008/12/09 16:41:34 | 00,000,604 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx3error.txt
[2008/10/11 09:16:11 | 00,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/15 21:44:31 | 00,437,084 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistMSI67DC.txt
[2008/09/15 21:44:31 | 00,011,364 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_vcredistUI67DC.txt
[2008/09/15 21:43:55 | 04,677,647 | ---- | C] () -- C:\Windows\SysWow64\kbpwprinc.dll
[2008/09/15 14:14:24 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/09/15 14:11:10 | 00,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/07/26 22:48:57 | 02,694,426 | -H-- | C] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2008/07/15 21:34:35 | 00,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2008/06/30 20:28:06 | 00,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2008/06/30 20:28:06 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2008/06/11 13:55:04 | 00,041,296 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2008/05/29 17:27:39 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/05/29 17:27:17 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/03/11 21:32:51 | 00,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2008/03/11 21:32:51 | 00,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2008/03/11 21:32:40 | 00,151,040 | -HS- | C] () -- C:\Windows\SysWow64\VistaUltm.dll
[2008/03/11 21:32:40 | 00,027,648 | -HS- | C] () -- C:\Windows\SysWow64\Smab0.dll
[2008/03/11 21:31:41 | 00,055,296 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 20:06:29 | 00,000,347 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/26 21:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007/11/22 12:24:57 | 00,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2007/11/21 21:54:54 | 00,621,228 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007/10/28 15:50:43 | 00,000,080 | ---- | C] () -- C:\Windows\CoD.ini
[2007/10/19 19:03:10 | 00,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/08/21 08:29:45 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2007/08/21 08:01:38 | 00,101,440 | ---- | C] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/08/21 08:01:16 | 00,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2006/11/02 05:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2004/02/11 15:14:06 | 00,032,768 | ---- | C] () -- C:\Windows\SysWow64\ua_lsp.dll

========== Files - Unicode (All) ==========
[2008/10/04 21:54:37 | 00,000,000 | ---D | M](C:\Windows\SysWow64\?ppPatch) -- C:\Windows\SysWow64\АppPatch
[2008/10/04 20:42:40 | 00,000,000 | ---D | C](C:\Windows\SysWow64\?ppPatch) -- C:\Windows\SysWow64\АppPatch
[2008/10/06 20:51:11 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\??stem32) -- C:\Users\Owner\Documents\ѕуstem32
[2008/10/06 20:49:55 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\??stem32) -- C:\Users\Owner\Documents\ѕуstem32
[2008/10/08 19:56:26 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\?ystem) -- C:\Users\Owner\Documents\ѕystem
[2008/10/08 19:55:39 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\?ystem) -- C:\Users\Owner\Documents\ѕystem
[2008/10/01 20:22:42 | 00,000,000 | ---D | M](C:\Users\Owner\Documents\?dobe) -- C:\Users\Owner\Documents\Αdobe
[2008/10/01 20:18:19 | 00,000,000 | ---D | C](C:\Users\Owner\Documents\?dobe) -- C:\Users\Owner\Documents\Αdobe
[2008/10/07 20:54:16 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\?racle) -- C:\Users\Owner\AppData\Roaming\Οracle
[2008/10/02 20:42:16 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\S?mantec) -- C:\Users\Owner\AppData\Roaming\Sуmantec
[2008/09/30 19:42:59 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\F?nts) -- C:\Users\Owner\AppData\Roaming\Fοnts
[2008/09/30 19:41:37 | 00,000,000 | ---D | M](C:\Users\Owner\AppData\Roaming\A?pPatch) -- C:\Users\Owner\AppData\Roaming\AрpPatch
[2008/10/10 19:58:12 | 00,000,000 | ---D | M](C:\Program Files (x86)\?dobe) -- C:\Program Files (x86)\Αdobe
[2008/10/03 20:41:29 | 00,000,000 | ---D | M](C:\Program Files (x86)\s?curity) -- C:\Program Files (x86)\sеcurity
[2008/10/09 19:52:06 | 00,000,000 | ---D | M](C:\Program Files (x86)\Common Files\??stem) -- C:\Program Files (x86)\Common Files\ѕуstem
[2008/10/05 20:46:34 | 00,000,000 | ---D | M](C:\Program Files (x86)\Common Files\T?sks) -- C:\Program Files (x86)\Common Files\Tаsks
< End of report >





So far, it appears as if the browser hijacker is gone, though.

#14 myrti


Posted 13 November 2009 - 08:45 AM

Hi,

There are still a couple of entries left that need to be removed. Are you familiar with the following file: avernum85.sav? Did you create them yourself, or do you know which program created them? Or should we remove them?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#15 xer 21


Posted 13 November 2009 - 01:41 PM

avernum85.sav is a savegame file I created for a game using the game's save feature. Unless it's been taken over by something else, it doesn't need to be removed.



