

Mother of all Virus


  • This topic is locked
14 replies to this topic

#1 Nasanireru

Nasanireru

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 21 November 2009 - 09:00 PM

Hi guys, I have been trying to remove a virus for a week now and I'm getting to the point of ripping my hair out. I have done virus/malware scans from nearly all providers I can find and removed about 30 different trojans, but I still can't seem to find the source. I can slow the virus down, but it nearly always seems to be able to repair itself (or so it seems). Sometimes the computer doesn't respond to my commands, e.g. pressing alt+ctrl+del does nothing, clicking on shutdown does nothing and windows won't pop up. Other times, like now, I can do anything relatively hassle free (except IE never works). Random tabs open up in my browser too. I have stripped down my OS (vista home) to nearly a bare shell but still can't get rid of this bleeping virus. :(

**EDIT** After reading many other threads of people with the same symptoms as my own I decided to run a combofix scan by carefully following your online instructions. This seems to have fixed my problem so far. My only issue now would be, how do I clean my portable drive? I don't want to plug it back in because it will infect my PC again. It also has all my stuff on it. Also I noticed that a fair bit of my PC was infected and after combofix cleaned it I am missing things like the sidebar, google search box and my audio control program.

Attached Files


Edited by Nasanireru, 22 November 2009 - 05:41 AM.




#2 Nasanireru

Nasanireru
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 21 November 2009 - 10:06 PM

I am now getting an "internet explorer has stopped working" pop-up about every 30 secs even though I am not using it, sometimes followed by "rundl32 has stopped working".

#3 Nasanireru

Nasanireru
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 28 November 2009 - 03:41 AM

I am still having problems with my computer so I did a scan with windows live online scanner because it's the only scanner that finds anything. It identified 2 viruses: "win32/Alureon.A" and "iastor.sys.vir". Win live tries to remove them but it doesn't seem to work. It also found 194 registry entries but I'm not sure if that is caused by the virus or not.

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:18 PM

Posted 28 November 2009 - 10:35 AM

Hello,
Do you still desire help? Please outline your current problems and inform me of what you have done since your last post.
Kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Nasanireru

Nasanireru
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 28 November 2009 - 10:05 PM

Hello,
Do you still desire help? Please outline your current problems and inform me of what you have done since your last post.
Kind regards,
~ t


Hello thcbytes,

Yes, thank you, I still need help removing this virus. Right now the virus seems to be affecting my anti-virus programs, not allowing them to update properly. I also get random internet page re-directs when I click on links, but not always. I think I have been able to remove parts of the virus but not all of it. Tell me what you need from me and I will do it.

Thanks again,
Nathaniel

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:18 PM

Posted 28 November 2009 - 11:50 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Yikes!! Your computer is in bad shape. I will make no promises with your computer and that's for sure but I am willing to give it my best.

You will need to connect your external drive during this process or you will possibly reinfect any computer you reconnect it to.

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

==========

I see you have run Combofix unsupervised... this is ill advised!!

:( This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!! :(

Right click and delete your current copy of Combofix!!!

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* Exehelper log
* Combofix.txt
* Gmer log
* How is it running?

Kind regards,
~t
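The C:\ComboFix.txt requested above has a fixed line layout, so a helper can triage it by script before reading it line by line. The following Python is an added example written for this thread, not code from ComboFix, sUBs, thcbytes or BleepingComputer: it splits the log into its "(((( ... ))))" sections, parses each "Files Created" entry into created time, modified time, size, attributes and path, and returns (a) everything listed under "Other Deletions", tagging an Autorun.inf on a non-C: volume, which is what the original poster's question about the portable drive comes down to, and (b) binaries created under c:\windows within a chosen window before the scan date. The sample log is constructed from a handful of lines of the log posted later in this thread and is not a complete log; the section names, the line format, the 7-day default window and the assumption that C: is the system volume are assumptions of the example. The output is a triage list, not a verdict: the tzres.dll entry it flags is an ordinary Windows Update file.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines in the layout of the ComboFix.txt posted in
# this thread (not a complete log).
SAMPLE_LOG = r"""
ComboFix 09-11-28.03 - Nathaniel 29/11/2009 15:54.2.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\twain_32.dll
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.
2009-11-29 05:31 . 2009-11-29 05:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-28 07:32 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-13 06:51 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-12 09:57 . 2009-05-18 03:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
"""

# Section banners look like "(((( Name ))))"; the name may carry a date range.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# "Files Created" entry layout: created . modified size attrs path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Assumption of this example: C: is the system volume and new binaries under
# c:\windows are worth a second look.
SYSTEM_DIRS = (r"c:\windows",)
BINARY_EXT = (".sys", ".exe", ".dll")


def parse_log(text):
    """Split a ComboFix log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_entry(line):
    """Parse one 'Files Created' line; None if the line is not in that layout."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
    e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
    e["is_dir"] = e["attrs"].startswith("d")      # first attribute flag is 'd' for directories
    e["size"] = None if e["is_dir"] or e["size"].startswith("-") else int(e["size"])
    return e


def review(text, scan_date, window_days=7):
    """Return (kind, path, note) triples for a helper to look at; scan_date is 'YYYY-MM-DD'."""
    sections = parse_log(text)
    findings = []
    # Everything ComboFix removed is worth recording; an autorun.inf on a
    # non-system volume points at removable media that will need cleaning too.
    for path in sections.get("Other Deletions", []):
        note = "removed by ComboFix"
        low = path.lower()
        if low.endswith("\\autorun.inf") and not low.startswith("c:\\"):
            note += "; autorun.inf on a non-system volume (removable media)"
        findings.append(("deletion", path, note))
    # Binaries that appeared under c:\windows shortly before the scan.
    cutoff = datetime.strptime(scan_date, "%Y-%m-%d") - timedelta(days=window_days)
    created = next((k for k in sections if k.startswith("Files Created")), None)
    for line in sections.get(created, []):
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        low = e["path"].lower()
        if low.startswith(SYSTEM_DIRS) and low.endswith(BINARY_EXT) and e["created"] >= cutoff:
            findings.append(("recent-system-binary", e["path"],
                             f"created {e['created']:%Y-%m-%d}, modified {e['modified']:%Y-%m-%d}, {e['size']} bytes"))
    return findings


if __name__ == "__main__":
    for kind, path, note in review(SAMPLE_LOG, "2009-11-29"):
        print(f"{kind:22} {path}  ({note})")
```

Widening `window_days` pulls in the Windows Update and driver installs from earlier in the month, which is why the window is a parameter rather than a constant: the helper decides how far back the infection timeline goes from the poster's description, and then reads the flagged entries against the rest of the log.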

#7 Nasanireru

Nasanireru
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 29 November 2009 - 12:56 AM

Hello again, thanks for the quick response. Here are the logs you requested.

exeHelper by Raktor
Build 20091122
Run at 15:37:58 on 11/29/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

---------------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-11-28.03 - Nathaniel 29/11/2009 15:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3326.1660 [GMT 10.5:30]
Running from: c:\users\Nathaniel\Desktop\thcbytes.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\twain_32.dll
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 05:31 . 2009-11-29 05:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-29 05:31 . 2009-11-29 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-28 10:41 . 2009-11-28 10:41 -------- d-----w- c:\windows\LastGood.Tmp
2009-11-28 07:32 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-27 23:38 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-27 23:38 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 13:11 . 2009-11-22 13:47 8192 d-----w- c:\windows\BDOSCAN8
2009-11-22 10:30 . 2009-11-29 05:31 4096 d-----w- c:\users\Nathaniel\AppData\Local\temp
2009-11-22 01:09 . 2009-11-22 01:09 -------- d-----w- C:\rsit
2009-11-20 13:31 . 2009-09-04 06:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-20 13:31 . 2009-09-04 06:59 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-20 08:40 . 2009-11-20 08:40 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\Malwarebytes
2009-11-20 08:39 . 2009-11-20 08:39 -------- d-----w- c:\programdata\Malwarebytes
2009-11-20 08:36 . 2009-11-20 08:36 -------- d-----w- c:\program files\Trend Micro
2009-11-16 04:34 . 2009-11-28 07:29 4096 d-----w- c:\program files\Windows Live Safety Center
2009-11-15 00:00 . 2009-11-15 00:00 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\BD_TEMP
2009-11-13 06:51 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 06:51 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 06:51 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 06:51 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 06:51 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 06:51 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 06:51 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 06:51 . 2009-08-06 08:53 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 06:51 . 2009-08-06 08:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 09:57 . 2009-11-12 11:49 4096 d-----w- c:\users\Nathaniel\AppData\Roaming\Apple Computer
2009-11-12 09:57 . 2009-05-18 03:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-12 09:57 . 2008-04-17 02:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-12 09:56 . 2009-11-12 09:56 -------- d-----w- c:\program files\iPod
2009-11-12 09:56 . 2009-11-12 09:57 4096 d-----w- c:\program files\iTunes
2009-11-12 09:56 . 2009-11-12 09:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-12 09:55 . 2009-11-12 09:55 4096 d-----w- c:\program files\QuickTime
2009-11-12 09:55 . 2009-11-12 09:56 -------- d-----w- c:\programdata\Apple Computer
2009-11-12 09:52 . 2009-11-12 09:56 -------- d-----w- c:\program files\Common Files\Apple
2009-11-12 09:12 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 09:05 . 2009-11-12 09:05 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-12 09:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-12 09:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-12 09:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-12 08:58 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-06 00:29 . 2009-11-06 00:29 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 00:29 . 2009-11-06 00:29 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 07:35 . 2009-11-02 07:35 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 07:35 . 2009-11-02 07:35 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 05:01 . 2009-10-08 02:32 -------- d-----w- c:\programdata\BitDefender
2009-11-29 05:01 . 2009-10-08 02:19 4096 d-----w- c:\program files\Common Files\BitDefender
2009-11-29 04:59 . 2009-10-08 02:48 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-11-28 10:43 . 2009-07-23 10:45 35275 ----a-w- c:\programdata\nvModes.dat
2009-11-28 10:43 . 2009-07-23 10:45 4096 d-----w- c:\programdata\NVIDIA
2009-11-21 03:44 . 2009-07-23 13:36 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-21 03:06 . 2009-07-25 07:42 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\Uniblue
2009-11-20 13:51 . 2009-08-03 10:33 -------- d-----w- c:\programdata\Media Center Programs
2009-11-20 13:50 . 2009-07-26 05:44 4096 d-----w- c:\program files\Java
2009-11-20 13:44 . 2009-08-02 14:36 4096 d-----w- c:\program files\easyHack
2009-11-20 11:11 . 2009-08-15 10:03 1 ----a-w- c:\users\Nathaniel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-19 11:40 . 2009-06-26 07:31 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-11-16 08:55 . 2009-08-10 22:00 4096 d-----w- c:\users\Nathaniel\AppData\Roaming\HpUpdate
2009-11-15 21:56 . 2009-07-23 11:29 4096 d-----w- c:\programdata\Google Updater
2009-11-14 04:01 . 2009-07-23 10:55 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 04:01 . 2009-08-17 12:28 2380538 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-11-12 09:56 . 2009-08-01 13:13 -------- d-----w- c:\program files\Bonjour
2009-11-12 09:54 . 2009-07-30 10:48 -------- d-----w- c:\programdata\Apple
2009-11-12 09:41 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 09:25 . 2009-07-23 10:38 53952 ----a-w- c:\users\Nathaniel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-12 09:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-12 09:04 . 2009-11-12 09:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-12 09:02 . 2009-11-12 09:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-12 08:46 . 2009-09-05 13:55 4096 d-----w- c:\program files\NSS
2009-11-12 08:46 . 2009-08-30 08:47 -------- d-----w- c:\program files\Nokia
2009-11-02 10:12 . 2009-10-05 03:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 10:28 . 2009-10-28 10:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 10:24 . 2009-10-28 10:24 -------- d-----w- c:\program files\CCleaner
2009-10-21 11:12 . 2009-08-30 08:52 4096 d-----w- c:\users\Nathaniel\AppData\Roaming\Nokia
2009-10-17 10:52 . 2009-07-31 12:13 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-10 17:47 . 2009-07-26 05:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 06:54 . 2009-10-10 06:54 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\Panasonic
2009-10-10 06:50 . 2009-10-10 06:50 -------- d-----w- c:\program files\Microsoft
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\wsbl.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\ph_white.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\ph_black.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\pcwords.dat
2009-10-08 02:42 . 2009-10-08 02:42 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-08 02:42 . 2009-10-08 02:42 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-08 02:32 . 2009-10-08 02:32 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\BitDefender
2009-10-08 02:32 . 2009-10-08 02:32 -------- d-----w- c:\program files\BitDefender
2009-10-08 01:13 . 2009-07-23 10:38 680 ----a-w- c:\users\Nathaniel\AppData\Local\d3d9caps.dat
2009-10-05 18:58 . 2009-07-23 13:23 4096 d-----w- c:\programdata\HP
2009-10-05 08:03 . 2009-07-23 13:05 12288 d-----w- c:\users\Nathaniel\AppData\Roaming\uTorrent
2009-10-01 01:02 . 2009-11-12 09:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-12 09:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-12 09:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-12 09:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-12 09:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-12 09:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-12 09:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-12 09:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-12 09:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-12 09:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-12 09:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-12 09:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-12 09:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-12 09:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-12 09:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-12 09:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 05:25 . 2009-07-24 11:47 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-27 12:42 . 2009-09-27 12:42 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 12:42 . 2009-09-27 12:42 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 12:42 . 2009-09-27 12:42 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 12:42 . 2009-09-27 12:42 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 12:42 . 2009-09-27 12:42 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 12:42 . 2009-09-27 12:42 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 12:42 . 2009-09-27 12:42 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 12:42 . 2009-09-27 12:42 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 12:42 . 2009-09-27 12:42 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 12:42 . 2009-07-23 10:41 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-27 12:42 . 2009-04-30 14:02 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 12:42 . 2009-04-30 14:02 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 07:17 . 2009-09-27 07:17 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 07:17 . 2009-09-27 07:17 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 07:17 . 2009-09-27 07:17 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 07:17 . 2009-09-27 07:17 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 07:17 . 2009-09-27 07:17 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 07:17 . 2009-09-27 07:17 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 07:17 . 2009-09-27 07:17 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 07:17 . 2009-09-27 07:17 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 07:17 . 2009-09-27 07:17 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 07:17 . 2009-09-27 07:17 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 07:16 . 2009-09-27 07:16 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 07:16 . 2009-09-27 07:16 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-25 02:10 . 2009-11-12 09:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-12 09:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-12 09:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-12 09:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-12 09:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-12 09:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-12 09:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-12 09:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-12 09:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-12 09:01 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-12 09:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-12 09:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-12 09:01 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-10-19 08:29 . 2009-10-08 02:37 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-22_10.29.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-28 07:32 . 2009-10-29 09:26 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22254_none_17855e4d1ffaeb7e\tzupd.exe
+ 2008-01-21 02:23 . 2008-01-21 02:23 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18132_none_170f60c606cee124\tzupd.exe
+ 2009-11-28 07:32 . 2009-10-29 09:44 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22552_none_159cebd122d663ac\tzupd.exe
+ 2008-01-21 02:23 . 2008-01-21 02:23 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18351_none_15124cd609b9ad64\tzupd.exe
+ 2009-11-28 07:32 . 2009-10-29 09:36 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21150_none_13b482d325b1d628\tzupd.exe
+ 2009-11-28 07:32 . 2009-10-29 09:51 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16947_none_133cdfd80c85988c\tzupd.exe
+ 2008-01-21 01:58 . 2009-11-28 10:46 51930 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-28 10:46 84712 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2002-01-04 16:08 . 2002-01-04 16:08 54784 c:\windows\System32\msvci70.dll
- 2002-01-04 17:08 . 2002-01-04 17:08 54784 c:\windows\System32\msvci70.dll
- 2009-07-23 10:35 . 2009-11-22 05:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-23 10:35 . 2009-11-29 05:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-23 10:35 . 2009-11-29 05:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-23 10:35 . 2009-11-22 05:07 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-23 10:35 . 2009-11-29 05:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-23 10:35 . 2009-11-22 05:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-28 08:21 . 2009-11-28 10:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-28 08:21 . 2009-10-15 09:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-28 08:21 . 2009-10-15 09:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-28 08:21 . 2009-11-28 10:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-28 08:21 . 2009-10-15 09:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-28 08:21 . 2009-11-28 10:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-08 13:14 . 2009-11-20 13:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-08 13:14 . 2009-11-28 10:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-08 13:14 . 2009-11-20 13:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-08 13:14 . 2009-11-28 10:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-08 13:14 . 2009-11-28 10:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-08 13:14 . 2009-11-20 13:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-28 07:31 . 2009-11-28 07:31 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
- 2006-11-02 10:25 . 2009-11-19 10:59 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-11-28 10:41 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-11-19 10:59 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-11-28 10:41 51200 c:\windows\inf\infpub.dat
+ 2009-11-22 13:12 . 2009-11-22 13:12 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-11-22 13:12 . 2009-11-22 13:12 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-11-22 13:12 . 2009-11-22 13:12 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-11-22 13:12 . 2009-11-22 13:12 45056 c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-11-27 23:38 . 2009-08-11 16:58 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05\msxml6r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1\msxml6r.dll
+ 2009-11-27 23:38 . 2009-08-11 17:04 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485\msxml6r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\msxml6r.dll
+ 2009-11-27 23:38 . 2009-08-10 12:51 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4\msxml6r.dll
+ 2009-11-27 23:38 . 2009-08-10 13:05 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8\msxml6r.dll
+ 2009-11-27 23:38 . 2009-08-11 16:58 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe\msxml3r.dll
+ 2009-11-27 23:38 . 2009-08-11 17:04 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\msxml3r.dll
+ 2009-11-27 23:38 . 2009-08-10 12:51 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1\msxml3r.dll
+ 2009-11-27 23:38 . 2009-08-10 13:05 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\msxml3r.dll
+ 2009-11-28 07:32 . 2009-10-29 09:26 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22254_none_17855e4d1ffaeb7e\tzres.dll
+ 2009-11-28 07:32 . 2009-10-29 09:17 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18132_none_170f60c606cee124\tzres.dll
+ 2009-11-28 07:32 . 2009-10-29 09:44 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22552_none_159cebd122d663ac\tzres.dll
+ 2009-11-28 07:32 . 2009-10-29 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18351_none_15124cd609b9ad64\tzres.dll
+ 2009-11-28 07:32 . 2009-10-29 07:55 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21150_none_13b482d325b1d628\tzres.dll
+ 2009-11-28 07:32 . 2009-10-29 07:59 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16947_none_133cdfd80c85988c\tzres.dll
- 2009-07-23 23:56 . 2009-11-19 10:44 1552 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-07-23 23:56 . 2009-11-24 09:02 1552 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-07-23 10:40 . 2009-11-28 10:46 7130 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-766394067-1362426571-2792811759-1000_UserData.bin
- 2009-07-23 10:40 . 2009-11-22 10:24 7130 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-766394067-1362426571-2792811759-1000_UserData.bin
+ 2009-11-28 10:42 . 2009-11-28 10:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-22 10:20 . 2009-11-22 10:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-22 10:20 . 2009-11-22 10:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-28 10:42 . 2009-11-28 10:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-29 04:56 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-22 10:27 599942 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-29 04:56 105448 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-22 10:27 105448 c:\windows\System32\perfc009.dat
+ 2003-02-20 17:12 . 2003-02-20 17:12 348160 c:\windows\System32\msvcr71.dll
- 2003-02-20 18:12 . 2003-02-20 18:12 348160 c:\windows\System32\msvcr71.dll
+ 2002-01-04 15:07 . 2002-01-04 15:07 344064 c:\windows\System32\msvcr70.dll
- 2002-01-04 16:07 . 2002-01-04 16:07 344064 c:\windows\System32\msvcr70.dll
+ 2003-03-18 08:44 . 2003-03-18 08:44 499712 c:\windows\System32\msvcp71.dll
- 2003-03-18 09:44 . 2003-03-18 09:44 499712 c:\windows\System32\msvcp71.dll
- 2002-01-04 17:10 . 2002-01-04 17:10 487424 c:\windows\System32\msvcp70.dll
+ 2002-01-04 16:10 . 2002-01-04 16:10 487424 c:\windows\System32\msvcp70.dll
- 2002-01-04 17:06 . 2002-01-04 17:06 964608 c:\windows\System32\mfc70u.dll
+ 2002-01-04 16:06 . 2002-01-04 16:06 964608 c:\windows\System32\mfc70u.dll
+ 2002-01-04 16:18 . 2002-01-04 16:18 974848 c:\windows\System32\mfc70.dll
- 2002-01-04 17:18 . 2002-01-04 17:18 974848 c:\windows\System32\mfc70.dll
- 2007-04-11 00:41 . 2007-04-11 00:41 511328 c:\windows\System32\capicom.dll
+ 2007-04-10 23:41 . 2007-04-10 23:41 511328 c:\windows\System32\capicom.dll
+ 2009-11-28 07:31 . 2009-11-28 07:31 429568 c:\windows\Installer\41570d.msi
+ 2009-11-28 07:29 . 2009-11-28 07:29 232960 c:\windows\Installer\415707.msp
+ 2009-11-28 07:29 . 2009-11-28 07:29 529920 c:\windows\Installer\4156fe.msp
- 2006-11-02 10:25 . 2009-11-19 10:59 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-11-28 10:41 143360 c:\windows\inf\infstrng.dat
+ 2009-01-05 05:14 . 2009-01-05 05:14 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-11-28 07:31 . 2009-11-28 07:31 1348432 c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5\msxml4.dll
+ 2009-11-27 23:38 . 2009-08-11 16:58 1401856 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05\msxml6.dll
+ 2009-11-27 23:38 . 2009-08-11 16:44 1401856 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1\msxml6.dll
+ 2009-11-27 23:38 . 2009-08-11 15:26 1401344 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485\msxml6.dll
+ 2009-11-27 23:38 . 2009-08-10 11:01 1399296 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\msxml6.dll
+ 2009-11-27 23:38 . 2009-08-10 12:51 1409536 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4\msxml6.dll
+ 2009-11-27 23:38 . 2009-08-10 13:05 1406464 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8\msxml6.dll
+ 2009-11-27 23:38 . 2009-08-11 16:58 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222\msxml3.dll
+ 2009-11-27 23:38 . 2009-08-11 16:44 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe\msxml3.dll
+ 2009-11-27 23:38 . 2009-08-11 15:25 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2\msxml3.dll
+ 2009-11-27 23:38 . 2009-08-10 11:00 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\msxml3.dll
+ 2009-11-27 23:38 . 2009-08-10 12:51 1260032 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1\msxml3.dll
+ 2009-11-27 23:38 . 2009-08-10 13:05 1260032 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\msxml3.dll
+ 2006-11-02 10:22 . 2009-11-28 08:45 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-11-22 10:19 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-20 13:35 . 2009-07-20 13:35 1348432 c:\windows\System32\msxml4.dll
+ 2003-03-18 09:42 . 2003-03-18 09:42 1047552 c:\windows\System32\mfc71u.dll
- 2003-03-18 10:42 . 2003-03-18 10:42 1047552 c:\windows\System32\mfc71u.dll
+ 2003-03-18 09:50 . 2003-03-18 09:50 1060864 c:\windows\System32\mfc71.dll
- 2003-03-18 10:50 . 2003-03-18 10:50 1060864 c:\windows\System32\mfc71.dll
+ 2009-07-23 17:30 . 2009-11-28 07:32 161933343 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

c:\users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD.lnk - c:\program files\GIGABYTE\Gamer HUD\HUD.exe [2009-4-17 1689600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:13,da,62,30,c8,0c,ca,01

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 1:28 PM 239648]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [26/01/2007 3:42 AM 2831232]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 7:36 AM 501248]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 12:53 PM 21504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 3:48 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 3:48 PM 8320]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2/11/2006 9:02 PM 1083520]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 21DF580A
*Deregistered* - 21df580a
*Deregistered* - BdfNdisf

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 21:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\z6njuhsj.default\
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 16:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-766394067-1362426571-2792811759-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fe,0f,24,29,e9,56,d7,6b,f7,dd,9a,50,b3,97,59,6b,5c,36,29,b1,45,82,2e,
ee,0c,1f,f6,01,f7,7c,be,e7,b2,42,f5,27,3a,61,0a,a1,dc,20,ff,b5,92,c1,85,f3,\
"??"=hex:b1,80,dc,58,65,2e,b9,58,ec,4b,89,ac,e2,d5,e9,d2

[HKEY_USERS\S-1-5-21-766394067-1362426571-2792811759-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,49,86,64,2e,dd,1c,b7,7c,c7,a7,61,d3,43,2f,eb,14,38,7f,5d,9b,
51,ed,cc,09,84,3d,cb,7c,62,c8,7d,90,07,57,b1,2c,22,7b,04,84,fb,5a,74,a9,9a,\
"rkeysecu"=hex:7a,df,12,49,65,39,f0,23,b5,ee,24,cf,1e,b1,25,33

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-29 16:02
ComboFix-quarantined-files.txt 2009-11-29 05:32
ComboFix2.txt 2009-11-22 10:30

Pre-Run: 746,311,684,096 bytes free
Post-Run: 748,233,060,352 bytes free

- - End Of File - - 2402C2AE6311F4E2DD9A421E46D62820


---------------------------------------------------------------------------------------------------------------------------------------

I can't create a gmer log because the program keeps crashing the computer. Sorry

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:18 PM

Posted 29 November 2009 - 01:30 PM

You're welcome. :(

Well done...

Let's continue......

I assume you purposely have Bitdefender turned off and it is not disabled due to the infection? Do not restart it yet please! Also how is your computer running now?

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

FixCSet::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
==========

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.Posted Image
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* Combofix.txt
* MBAM log
* ESET log
* RootRepeal log
* OTL.txt
* Extra.txt
* Answer to questions <--- Important!!

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 Nasanireru

Nasanireru
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:48 AM

Posted 30 November 2009 - 05:02 AM

I assume you purposely have Bitdefender turned off and it is not disabled due to the infection? Do not restart it yet please! Also how is your computer running now?


I have uninstalled BitDefender until I get this virus sorted out. The computer seems to be running a bit faster, but it's hard to tell because it will still run fast under load. I haven't had any browser issues today either, although I am using a newly downloaded Firefox.

Thank you once again for your help. :( Here are the logs you requested.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-11-28.03 - Nathaniel 30/11/2009 17:21.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3326.2317 [GMT 10.5:30]
Running from: c:\users\Nathaniel\Desktop\thcbytes.exe
Command switches used :: c:\users\Nathaniel\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-30 06:55 . 2009-11-30 06:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-30 06:55 . 2009-11-30 06:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-28 07:32 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-27 23:38 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-27 23:38 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 13:11 . 2009-11-22 13:47 8192 d-----w- c:\windows\BDOSCAN8
2009-11-22 10:30 . 2009-11-30 06:59 4096 d-----w- c:\users\Nathaniel\AppData\Local\temp
2009-11-22 01:09 . 2009-11-22 01:09 -------- d-----w- C:\rsit
2009-11-20 13:31 . 2009-09-04 06:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-20 13:31 . 2009-09-04 06:59 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-20 08:40 . 2009-11-20 08:40 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\Malwarebytes
2009-11-20 08:39 . 2009-11-20 08:39 -------- d-----w- c:\programdata\Malwarebytes
2009-11-20 08:36 . 2009-11-20 08:36 -------- d-----w- c:\program files\Trend Micro
2009-11-16 04:34 . 2009-11-28 07:29 4096 d-----w- c:\program files\Windows Live Safety Center
2009-11-15 00:00 . 2009-11-15 00:00 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\BD_TEMP
2009-11-13 06:51 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 06:51 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 06:51 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 06:51 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 06:51 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 06:51 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 06:51 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 06:51 . 2009-08-06 08:53 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 06:51 . 2009-08-06 08:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 09:57 . 2009-11-12 11:49 4096 d-----w- c:\users\Nathaniel\AppData\Roaming\Apple Computer
2009-11-12 09:57 . 2009-05-18 03:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-12 09:57 . 2008-04-17 02:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-12 09:56 . 2009-11-12 09:56 -------- d-----w- c:\program files\iPod
2009-11-12 09:56 . 2009-11-12 09:57 4096 d-----w- c:\program files\iTunes
2009-11-12 09:56 . 2009-11-12 09:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-12 09:55 . 2009-11-12 09:55 4096 d-----w- c:\program files\QuickTime
2009-11-12 09:55 . 2009-11-12 09:56 -------- d-----w- c:\programdata\Apple Computer
2009-11-12 09:52 . 2009-11-12 09:56 -------- d-----w- c:\program files\Common Files\Apple
2009-11-12 09:12 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 09:05 . 2009-11-12 09:05 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-12 09:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-12 09:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-12 09:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-12 08:58 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-06 00:29 . 2009-11-06 00:29 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 00:29 . 2009-11-06 00:29 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 07:35 . 2009-11-02 07:35 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 07:35 . 2009-11-02 07:35 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 06:59 . 2009-07-23 10:45 35275 ----a-w- c:\programdata\nvModes.dat
2009-11-30 06:57 . 2009-07-23 10:45 4096 d-----w- c:\programdata\NVIDIA
2009-11-29 05:01 . 2009-10-08 02:32 -------- d-----w- c:\programdata\BitDefender
2009-11-29 05:01 . 2009-10-08 02:19 4096 d-----w- c:\program files\Common Files\BitDefender
2009-11-29 04:59 . 2009-10-08 02:48 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-11-21 03:44 . 2009-07-23 13:36 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-21 03:06 . 2009-07-25 07:42 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\Uniblue
2009-11-20 13:51 . 2009-08-03 10:33 -------- d-----w- c:\programdata\Media Center Programs
2009-11-20 13:50 . 2009-07-26 05:44 4096 d-----w- c:\program files\Java
2009-11-20 13:44 . 2009-08-02 14:36 4096 d-----w- c:\program files\easyHack
2009-11-20 11:11 . 2009-08-15 10:03 1 ----a-w- c:\users\Nathaniel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-19 11:40 . 2009-06-26 07:31 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-11-16 08:55 . 2009-08-10 22:00 4096 d-----w- c:\users\Nathaniel\AppData\Roaming\HpUpdate
2009-11-15 21:56 . 2009-07-23 11:29 4096 d-----w- c:\programdata\Google Updater
2009-11-14 04:01 . 2009-07-23 10:55 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 04:01 . 2009-08-17 12:28 2380538 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-11-12 09:56 . 2009-08-01 13:13 -------- d-----w- c:\program files\Bonjour
2009-11-12 09:54 . 2009-07-30 10:48 -------- d-----w- c:\programdata\Apple
2009-11-12 09:41 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 09:25 . 2009-07-23 10:38 53952 ----a-w- c:\users\Nathaniel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-12 09:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-12 09:04 . 2009-11-12 09:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-12 09:02 . 2009-11-12 09:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-12 08:46 . 2009-09-05 13:55 4096 d-----w- c:\program files\NSS
2009-11-12 08:46 . 2009-08-30 08:47 -------- d-----w- c:\program files\Nokia
2009-11-02 10:12 . 2009-10-05 03:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 10:28 . 2009-10-28 10:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 10:24 . 2009-10-28 10:24 -------- d-----w- c:\program files\CCleaner
2009-10-21 11:12 . 2009-08-30 08:52 4096 d-----w- c:\users\Nathaniel\AppData\Roaming\Nokia
2009-10-17 10:52 . 2009-07-31 12:13 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-10 17:47 . 2009-07-26 05:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 06:54 . 2009-10-10 06:54 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\Panasonic
2009-10-10 06:50 . 2009-10-10 06:50 -------- d-----w- c:\program files\Microsoft
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\wsbl.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\ph_white.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\ph_black.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-10-08 08:16 . 2009-10-08 08:16 0 ----a-w- c:\windows\system32\pcwords.dat
2009-10-08 02:42 . 2009-10-08 02:42 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-08 02:42 . 2009-10-08 02:42 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-08 02:32 . 2009-10-08 02:32 -------- d-----w- c:\users\Nathaniel\AppData\Roaming\BitDefender
2009-10-08 02:32 . 2009-10-08 02:32 -------- d-----w- c:\program files\BitDefender
2009-10-08 01:13 . 2009-07-23 10:38 680 ----a-w- c:\users\Nathaniel\AppData\Local\d3d9caps.dat
2009-10-05 18:58 . 2009-07-23 13:23 4096 d-----w- c:\programdata\HP
2009-10-05 08:03 . 2009-07-23 13:05 12288 d-----w- c:\users\Nathaniel\AppData\Roaming\uTorrent
2009-10-01 01:02 . 2009-11-12 09:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-12 09:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-12 09:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-12 09:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-12 09:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-12 09:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-12 09:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-12 09:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-12 09:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-12 09:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-12 09:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-12 09:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-12 09:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-12 09:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-12 09:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-12 09:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 05:25 . 2009-07-24 11:47 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-27 12:42 . 2009-09-27 12:42 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 12:42 . 2009-09-27 12:42 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 12:42 . 2009-09-27 12:42 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 12:42 . 2009-09-27 12:42 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 12:42 . 2009-09-27 12:42 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 12:42 . 2009-09-27 12:42 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 12:42 . 2009-09-27 12:42 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 12:42 . 2009-09-27 12:42 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 12:42 . 2009-09-27 12:42 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 12:42 . 2009-07-23 10:41 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-27 12:42 . 2009-04-30 14:02 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 12:42 . 2009-04-30 14:02 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 07:17 . 2009-09-27 07:17 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 07:17 . 2009-09-27 07:17 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 07:17 . 2009-09-27 07:17 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 07:17 . 2009-09-27 07:17 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 07:17 . 2009-09-27 07:17 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 07:17 . 2009-09-27 07:17 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 07:17 . 2009-09-27 07:17 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 07:17 . 2009-09-27 07:17 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 07:17 . 2009-09-27 07:17 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 07:17 . 2009-09-27 07:17 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 07:16 . 2009-09-27 07:16 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 07:16 . 2009-09-27 07:16 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-25 02:10 . 2009-11-12 09:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-12 09:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-12 09:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-12 09:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-12 09:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-12 09:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-12 09:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-12 09:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-12 09:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-12 09:01 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-12 09:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-12 09:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-12 09:01 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-10-19 08:29 . 2009-10-08 02:37 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-29_05.31.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-11-30 07:00 52186 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-30 07:00 84800 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-23 10:35 . 2009-11-30 03:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-23 10:35 . 2009-11-29 05:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-23 10:35 . 2009-11-30 03:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-23 10:35 . 2009-11-29 05:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-23 10:35 . 2009-11-29 05:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-23 10:35 . 2009-11-30 03:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-28 08:21 . 2009-11-28 10:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-28 08:21 . 2009-11-30 06:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-28 08:21 . 2009-11-30 06:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-28 08:21 . 2009-11-28 10:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-28 08:21 . 2009-11-30 06:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-28 08:21 . 2009-11-28 10:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-08 13:14 . 2009-11-28 10:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-08 13:14 . 2009-11-29 05:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-08 13:14 . 2009-11-28 10:42 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-08 13:14 . 2009-11-29 05:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-08 13:14 . 2009-11-28 10:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-08 13:14 . 2009-11-29 05:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-23 10:40 . 2009-11-30 07:00 7530 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-766394067-1362426571-2792811759-1000_UserData.bin
- 2009-11-28 10:42 . 2009-11-28 10:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-30 06:57 . 2009-11-30 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-28 10:42 . 2009-11-28 10:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-30 06:57 . 2009-11-30 06:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-11-29 13:38 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-29 04:56 599942 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-29 13:38 105448 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-29 04:56 105448 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

c:\users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD.lnk - c:\program files\GIGABYTE\Gamer HUD\HUD.exe [2009-4-17 1689600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,da,62,30,c8,0c,ca,01

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 1:28 PM 239648]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [26/01/2007 3:42 AM 2831232]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 7:36 AM 501248]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 12:53 PM 21504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 3:48 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 3:48 PM 8320]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2/11/2006 9:02 PM 1083520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 21:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\z6njuhsj.default\
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-766394067-1362426571-2792811759-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

[HKEY_USERS\S-1-5-21-766394067-1362426571-2792811759-1000\Software\SecuROM\License information*]
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-30 17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 07:01
ComboFix2.txt 2009-11-29 05:32
ComboFix3.txt 2009-11-22 10:30

Pre-Run: 748,397,703,168 bytes free
Post-Run: 748,220,313,600 bytes free

- - End Of File - - 520E704F9201C3E8A3F3D09E915F5202

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.41
Database version: 3260
Windows 6.0.6002 Service Pack 2

30/11/2009 6:04:38 PM
mbam-log-2009-11-30 (18-04-38).txt

Scan type: Quick Scan
Objects scanned: 93761
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


F:\Downloads\Recently Downloaded\Phone Stuff\Symbian Mega Pack.rar multiple threats deleted - quarantined
F:\Downloads\Recently Downloaded\Phone Stuff\Symbian Mega Pack\Lonely Cat Games ProfiMail V2.84 S60v3 SymbianOS9.1 Incl Keygen-TSRh.rar probably a variant of Win32/IRCBot trojan deleted - quarantined
F:\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application deleted - quarantined

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/30 20:10
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\thcbytes\catchme.sys
Address: 0x9ED3D000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x91095000 Size: 815104 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\Windows\system32\Drivers\PROCEXP113.SYS
Address: 0x9ED45000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9ED57000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Windows\System32\$$DeleteMe.ieframe.dll.01ca6a591afb99d8.0000
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.iertutil.dll.01ca6a591b81e0d8.0002
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.urlmon.dll.01ca6a591c616b68.0004
Status: Locked to the Windows API!

Path: C:\Windows\System32\$$DeleteMe.wininet.dll.01ca6a591b5b1ef8.0001
Status: Locked to the Windows API!

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18828_none_2a7f307da25a6db3\$$DeleteMe.iertutil.dll.01ca6a591b81e0d8.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18005_none_8a59b9a693f7ed88\$$DeleteMe.msxml3.dll.01ca700713620784.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_none_2d991295d888a8b3\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9942~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18828_none_97be9dffeca028c3\$$DeleteMe.urlmon.dll.01ca6a591c616b68.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-med

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1312 Status: Locked to the Windows API!

==EOF==

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 30/11/2009 8:19:27 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Users\Nathaniel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 695.48 Gb Free Space | 74.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 754.05 Gb Free Space | 80.95% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 979.00 Mb Total Space | 95.75 Mb Free Space | 9.78% Space Free | Partition Type: NTFS

Computer Name: NATHANIEL-PC
Current User Name: Nathaniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/30 20:18:36 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Nathaniel\Desktop\OTL.exe
PRC - [2009/11/03 13:58:04 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/28 15:55:48 | 00,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/17 02:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/30 22:34:23 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/07/24 16:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/23 22:00:35 | 00,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/06/30 18:10:30 | 00,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/04/11 16:58:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 16:57:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/17 14:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/02 19:50:34 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/01/21 12:55:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 12:54:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 20:18:36 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Nathaniel\Desktop\OTL.exe
MOD - [2009/04/11 16:51:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 08:26:25 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/28 15:55:48 | 00,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/09/25 11:57:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/17 02:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/01 23:37:27 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/30 22:34:23 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/24 16:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/03/17 14:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/16 21:12:28 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/06/02 19:50:34 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/25 22:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/21 12:53:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 20:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/01/16 20:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/06/29 20:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 20:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/11/02 23:05:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/09/27 23:12:22 | 09,509,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/04 10:48:20 | 02,744,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/26 18:21:02 | 01,956,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/05/24 07:36:42 | 00,501,248 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 02:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/11 15:12:54 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 15:12:54 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV - [2009/03/19 15:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 15:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/03/15 20:55:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/09 09:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 09:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 09:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 09:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/06/02 19:49:48 | 00,305,688 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/01/21 12:53:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 12:53:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 12:53:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 12:53:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 12:53:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 12:53:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 12:53:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 12:53:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 12:53:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 12:53:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 12:53:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 12:53:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 12:53:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 12:53:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 12:53:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 12:53:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 12:53:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 12:53:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 12:53:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 12:53:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 12:53:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 12:53:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 12:53:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 12:53:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 12:53:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/15 01:56:30 | 00,218,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/08/20 11:05:02 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\Entech.sys -- (ENTECH)
DRV - [2007/01/26 03:42:50 | 02,831,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/11/02 20:20:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 20:20:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 20:20:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 20:20:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 20:20:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 20:20:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 20:20:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 20:20:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 20:20:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 20:19:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 20:19:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 18:57:22 | 01,083,520 | ---- | M] (Philips Semiconductors GmbH) -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/11/02 18:55:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:54:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:54:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:54:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:54:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:54:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 18:06:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:07:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/02/23 15:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-766394067-1362426571-2792811759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-766394067-1362426571-2792811759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-766394067-1362426571-2792811759-1000\S-1-5-21-766394067-1362426571-2792811759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/23 22:00:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/07/24 15:44:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/21 13:34:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/21 13:34:04 | 00,000,000 | ---D | M]

[2009/11/21 13:34:17 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\Mozilla\Extensions
[2009/11/30 18:06:45 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\z6njuhsj.default\extensions
[2009/11/23 17:28:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/19 18:59:44 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2009/11/03 12:12:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/03 12:12:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/03 12:12:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/03 12:12:02 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-766394067-1362426571-2792811759-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKU\S-1-5-21-766394067-1362426571-2792811759-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-766394067-1362426571-2792811759-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-766394067-1362426571-2792811759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-766394067-1362426571-2792811759-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:13:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 23:15:03 | 00,224,495 | ---- | M] () - F:\Autoclicker.zip -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 22:51:48 | 00,296,614 | ---- | M] () - F:\AutoClick_setup.exe -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 22:55:12 | 00,077,254 | ---- | M] () - F:\AutoMouseClicker.zip -- [ NTFS ]
O32 - AutoRun File - [2009/09/05 19:02:50 | 00,000,000 | ---D | M] - F:\autorefresh -- [ NTFS ]
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/30 20:18:19 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Users\Nathaniel\Desktop\OTL.exe
[2009/11/30 20:09:03 | 00,472,064 | ---- | C] ( ) -- C:\Users\Nathaniel\Desktop\RootRepeal.exe
[2009/11/30 18:08:04 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/30 17:59:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/30 17:59:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/30 17:59:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/30 17:31:56 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/29 16:10:06 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/28 18:02:06 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/28 10:08:54 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/22 23:41:58 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/11/22 21:00:12 | 00,000,000 | ---D | C] -- C:\Users\Nathaniel\AppData\Local\temp
[2009/11/22 20:43:38 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/22 20:43:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/22 20:43:38 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/22 20:43:38 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/22 20:43:27 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/22 20:43:00 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/22 11:39:06 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/21 00:01:34 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2009/11/21 00:01:33 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2009/11/20 19:10:03 | 00,000,000 | ---D | C] -- C:\Users\Nathaniel\AppData\Roaming\Malwarebytes
[2009/11/20 19:09:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/20 19:06:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/18 18:49:29 | 00,000,000 | ---D | C] -- C:\Users\Nathaniel\Documents\ECC Documents
[2009/11/16 15:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/11/15 10:30:07 | 00,000,000 | ---D | C] -- C:\Users\Nathaniel\AppData\Roaming\BD_TEMP
[2009/11/13 17:21:35 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/11/13 17:21:35 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/11/13 17:21:24 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/11/13 17:21:24 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/11/13 17:21:24 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/11/13 17:21:21 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/11/13 17:21:21 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/11/12 20:27:30 | 00,000,000 | ---D | C] -- C:\Users\Nathaniel\AppData\Roaming\Apple Computer
[2009/11/12 20:27:21 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/11/12 20:27:21 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/11/12 20:26:52 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/12 20:26:51 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/12 20:26:51 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/12 20:25:28 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/12 20:25:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/11/12 20:22:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/11/12 19:43:03 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/12 19:42:50 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/12 19:35:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/12 19:31:41 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/12 19:31:40 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/12 19:31:40 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/12 19:31:26 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/12 19:31:26 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/12 19:31:25 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/12 19:31:25 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/12 19:31:24 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/12 19:31:24 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/12 19:31:24 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/12 19:31:24 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/12 19:31:24 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/12 19:31:24 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/12 19:31:24 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/12 19:31:24 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/12 19:31:24 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/12 19:31:24 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/12 19:31:24 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/12 19:31:24 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/12 19:31:24 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/12 19:31:24 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/12 19:31:24 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/12 19:31:24 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/12 19:31:24 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/12 19:31:24 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/12 19:31:24 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/12 19:31:24 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/12 19:31:24 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/12 19:31:09 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/12 19:31:09 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/12 19:31:04 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/12 19:31:03 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/12 19:31:03 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/12 19:31:03 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/11/12 19:31:03 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/12 19:31:03 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/12 19:31:03 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/12 19:31:03 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/11/12 19:31:03 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/11/12 19:31:02 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/12 19:30:26 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/11/12 19:30:25 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/12 19:28:53 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/06 10:59:54 | 15,406,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2009/11/06 10:59:54 | 13,642,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2009/11/02 18:05:36 | 00,167,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xliveinstall.dll
[2009/11/02 18:05:34 | 00,071,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xliveinstallhost.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/30 20:18:51 | 02,097,152 | -HS- | M] () -- C:\Users\Nathaniel\NTUSER.DAT
[2009/11/30 20:18:36 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Nathaniel\Desktop\OTL.exe
[2009/11/30 20:09:54 | 00,000,000 | ---- | M] () -- C:\Users\Nathaniel\Desktop\settings.dat
[2009/11/30 20:09:26 | 00,472,064 | ---- | M] ( ) -- C:\Users\Nathaniel\Desktop\RootRepeal.exe
[2009/11/30 19:27:04 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/30 19:27:04 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/30 18:07:34 | 02,672,312 | ---- | M] () -- C:\Users\Nathaniel\Desktop\esetsmartinstaller_enu.exe
[2009/11/30 17:59:35 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 17:35:14 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/30 17:33:15 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/30 17:33:15 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/30 17:33:15 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/30 17:29:07 | 00,035,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/30 17:29:06 | 00,035,275 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/30 17:29:02 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/30 17:28:54 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/30 17:27:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/30 17:27:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/30 17:25:52 | 00,524,288 | -HS- | M] () -- C:\Users\Nathaniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/30 17:25:52 | 00,065,536 | -HS- | M] () -- C:\Users\Nathaniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/30 17:25:46 | 01,700,780 | -H-- | M] () -- C:\Users\Nathaniel\AppData\Local\IconCache.db
[2009/11/29 16:18:06 | 30,381,8550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/29 16:05:48 | 00,292,352 | ---- | M] () -- C:\Users\Nathaniel\Desktop\bjhl0x5z.exe
[2009/11/29 15:44:04 | 03,579,392 | R--- | M] () -- C:\Users\Nathaniel\Desktop\thcbytes.exe
[2009/11/29 15:40:08 | 00,000,000 | ---- | M] () -- C:\Users\Nathaniel\defogger_reenable
[2009/11/29 15:39:05 | 00,050,621 | ---- | M] () -- C:\Users\Nathaniel\Desktop\Defogger.exe
[2009/11/29 15:37:18 | 00,291,840 | ---- | M] () -- C:\Users\Nathaniel\Desktop\exeHelper.com
[2009/11/29 15:35:03 | 00,262,656 | ---- | M] () -- C:\Users\Nathaniel\Desktop\rkill.pif
[2009/11/29 15:29:51 | 00,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2009/11/21 13:34:06 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/21 00:12:29 | 00,000,148 | ---- | M] () -- C:\Windows\QIII.INI
[2009/11/20 19:06:09 | 00,001,874 | ---- | M] () -- C:\Users\Nathaniel\Desktop\HijackThis.lnk
[2009/11/19 22:10:43 | 00,072,200 | ---- | M] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2009/11/19 07:44:24 | 00,000,036 | ---- | M] () -- C:\Users\Nathaniel\AppData\Local\housecall.guid.cache
[2009/11/18 21:19:35 | 00,056,407 | ---- | M] () -- C:\Users\Public\Documents\Logo - invoice 1.jpg
[2009/11/18 20:21:11 | 00,000,988 | ---- | M] () -- C:\Users\Nathaniel\Desktop\Photoshop - Shortcut.lnk
[2009/11/17 20:15:16 | 00,049,152 | ---- | M] () -- C:\Users\Nathaniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 20:18:59 | 00,001,670 | ---- | M] () -- C:\Users\Nathaniel\Desktop\CCleaner.lnk
[2009/11/15 12:40:02 | 01,588,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/12 20:27:23 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/12 19:55:14 | 00,053,952 | ---- | M] () -- C:\Users\Nathaniel\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/12 19:34:10 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/12 19:32:18 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/09 12:44:22 | 00,001,408 | ---- | M] () -- C:\Users\Nathaniel\Documents\Tax Invoice to Isaac.rtf
[2009/11/06 10:59:54 | 15,406,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2009/11/06 10:59:54 | 13,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2009/11/06 10:58:04 | 00,178,975 | ---- | M] () -- C:\Windows\System32\xlive.dll.cat
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/02 18:05:36 | 00,167,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xliveinstall.dll
[2009/11/02 18:05:34 | 00,071,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xliveinstallhost.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/30 20:09:54 | 00,000,000 | ---- | C] () -- C:\Users\Nathaniel\Desktop\settings.dat
[2009/11/30 18:06:45 | 02,672,312 | ---- | C] () -- C:\Users\Nathaniel\Desktop\esetsmartinstaller_enu.exe
[2009/11/30 17:59:35 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 16:10:00 | 30,381,8550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/29 16:05:41 | 00,292,352 | ---- | C] () -- C:\Users\Nathaniel\Desktop\bjhl0x5z.exe
[2009/11/29 15:43:22 | 03,579,392 | R--- | C] () -- C:\Users\Nathaniel\Desktop\thcbytes.exe
[2009/11/29 15:40:08 | 00,000,000 | ---- | C] () -- C:\Users\Nathaniel\defogger_reenable
[2009/11/29 15:39:05 | 00,050,621 | ---- | C] () -- C:\Users\Nathaniel\Desktop\Defogger.exe
[2009/11/29 15:37:16 | 00,291,840 | ---- | C] () -- C:\Users\Nathaniel\Desktop\exeHelper.com
[2009/11/29 15:35:02 | 00,262,656 | ---- | C] () -- C:\Users\Nathaniel\Desktop\rkill.pif
[2009/11/22 20:43:38 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/22 20:43:38 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/22 20:43:38 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/22 20:43:38 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/22 20:43:38 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/21 13:34:06 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/11/20 19:06:09 | 00,001,874 | ---- | C] () -- C:\Users\Nathaniel\Desktop\HijackThis.lnk
[2009/11/19 07:44:24 | 00,000,036 | ---- | C] () -- C:\Users\Nathaniel\AppData\Local\housecall.guid.cache
[2009/11/18 21:20:36 | 00,056,407 | ---- | C] () -- C:\Users\Public\Documents\Logo - invoice 1.jpg
[2009/11/18 20:21:11 | 00,000,988 | ---- | C] () -- C:\Users\Nathaniel\Desktop\Photoshop - Shortcut.lnk
[2009/11/12 20:27:23 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/11/12 19:34:10 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/12 19:32:18 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/09 12:44:22 | 00,001,408 | ---- | C] () -- C:\Users\Nathaniel\Documents\Tax Invoice to Isaac.rtf
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/05 18:26:46 | 00,076,407 | ---- | C] () -- C:\Users\Nathaniel\AppData\Roaming\Smiley.ico
[2009/09/23 08:18:44 | 00,000,023 | ---- | C] () -- C:\Windows\sign.ini
[2009/09/22 20:22:38 | 00,000,148 | ---- | C] () -- C:\Windows\QIII.INI
[2009/08/16 18:04:09 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/07/26 23:49:02 | 00,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/07/25 11:43:54 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/24 22:17:21 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/07/24 22:17:20 | 00,022,328 | ---- | C] () -- C:\Users\Nathaniel\AppData\Roaming\PnkBstrK.sys
[2009/07/24 15:04:03 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/24 12:27:06 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/07/23 23:53:17 | 00,001,750 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/23 22:37:17 | 00,049,152 | ---- | C] () -- C:\Users\Nathaniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 21:15:46 | 00,035,275 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/23 21:15:46 | 00,035,275 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/23 21:08:35 | 00,000,680 | ---- | C] () -- C:\Users\Nathaniel\AppData\Local\d3d9caps.dat
[2009/04/10 15:50:26 | 00,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 23:05:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:10:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/02/27 11:07:00 | 00,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[1996/04/04 06:03:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/11/15 10:30:07 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\BD_TEMP
[2009/10/08 13:02:31 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\BitDefender
[2009/09/05 23:17:08 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\GARMIN
[2009/10/21 21:42:26 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\Nokia
[2009/08/15 20:32:40 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\OpenOffice.org
[2009/10/10 17:24:17 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\Panasonic
[2009/09/28 19:39:17 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\PC Suite
[2009/11/21 13:36:46 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\Uniblue
[2009/10/05 18:33:20 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\uTorrent
[2009/09/13 10:48:15 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\vghd
[2009/07/23 21:25:18 | 00,000,000 | ---D | M] -- C:\Users\Nathaniel\AppData\Roaming\WinBatch
[2009/11/30 17:25:52 | 00,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 30/11/2009 8:19:27 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Users\Nathaniel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 695.48 Gb Free Space | 74.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 754.05 Gb Free Space | 80.95% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 979.00 Mb Total Space | 95.75 Mb Free Space | 9.78% Space Free | Partition Type: NTFS

Computer Name: NATHANIEL-PC
Current User Name: Nathaniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-766394067-1362426571-2792811759-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07560F10-182F-4E12-9F51-0EBD09F7F6CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12DC4641-4468-4C95-9B3C-DF9CA06FDA57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{154C6B31-2C68-4797-A539-B99F25B38504}" = rport=445 | protocol=6 | dir=out | app=system |
"{1A593FA5-C418-4A7F-B9C0-5E70AE13521E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D70EBC9-0A7E-4BF8-8FCB-2DFBA05258BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3295AC63-CABF-4DF7-B4A6-95566A20EC2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A9B22A2-F413-4274-8563-AC30584432AF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E2A5D79-23FC-4EC3-967E-D48FFA7B40E4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{567E99FF-7DC7-43ED-BFE1-AC475B803B1C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{579080A0-22DD-4362-B4D4-8BE970FFEDDB}" = lport=6112 | protocol=6 | dir=in | name=warcraft 3 |
"{5923E635-664E-4558-8B23-9A6F3BA67AB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A5EFC9B-834A-45BE-8871-2B61E6B54C63}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{614D17D1-FA0F-4580-BD43-2CF5C0F269C5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74DC0F81-547F-4E94-9C31-A0847E24C353}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B72D8F8-29A3-45F1-B2CB-40791DE6CE24}" = rport=138 | protocol=17 | dir=out | app=system |
"{97F0C4F3-3B77-44A0-98CD-F3957B34C67C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A6D1E9EA-57BD-4780-9D30-B1F2AFCDADD4}" = lport=139 | protocol=6 | dir=in | app=system |
"{B081F571-0721-440F-BFA5-9B84A9A3E242}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B8609669-7DA2-4E7A-80CE-599E841DCD7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2DDA15E-2F34-475B-9C1F-1204DA5A9FAC}" = lport=138 | protocol=17 | dir=in | app=system |
"{EC7B11CE-FF91-4115-BFCF-FBCC8B07B4A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0ADCC94-70E4-445B-8FBB-87D02316EBEE}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000F0872-34D1-4803-B084-DC00976E917A}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{138150C5-A253-42FC-A8D6-C087E1E0087D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{171035D9-75B0-4244-8BA0-CE0B7DA9B178}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19453470-EFB4-4BFB-A96C-F35C44E00348}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{1FB5B185-FD12-440A-939A-35B7760B00A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{288336BB-32A1-43BB-9A7F-6B569CCF8C3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{347A0190-C3E2-4927-A6EA-1A1237823F41}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |
"{35FDCE87-73E3-4990-A763-9C938A87C21B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36AEDCD6-8270-4AA7-97DD-108D63000F42}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{39E7D760-9286-4535-BE1A-273EA9791723}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{45633B90-62D1-46D1-B019-3EEF8BB5CAD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{48A057FD-C9FB-49DB-9505-37E647E92AFE}" = protocol=6 | dir=in | app=c:\users\nathaniel\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"{49844F24-6FB0-4D43-AB7A-DC9CF4A6078A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5433C492-F842-4331-892F-1C6AD1655BA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57EB0A3A-288B-4530-8BC3-AAAB9DB103AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B25B7D9-275E-4794-98EB-E416E2569910}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D349A26-4683-494D-A742-2EAFFA3D9908}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{674DA32D-C196-47F7-934D-72C0582E2C39}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{683C98D2-B042-4FD7-9697-57E14AAD8E2A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6AB73DBC-9673-471F-B7AB-E0383DD34EB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72AE6FD4-5346-49C2-8505-67B842D7DE5A}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |
"{76634333-12D0-45AB-965D-84876DA70A04}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |
"{7E3C8D86-93B6-48ED-BE40-5582A7530BBA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7F35EBB3-D18D-4C2A-975C-EFB73D2A3656}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |
"{85EE468D-2553-4806-A5B1-ECBDF5EBC05A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{883CEAAD-1AFC-4302-B275-2EE03BDC2390}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{92D273DA-5FFF-468D-93FE-874D13A4EC31}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{942809FD-A5DA-4746-9F36-5B1C77151CBD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{943CA479-D199-4EAA-882E-CCC8FE034429}" = protocol=6 | dir=out | app=system |
"{9597CF95-6581-4A25-82D2-C10D23CE7597}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A3CEC155-BDBB-4533-8269-AF0758CA5AF6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{AEE0F440-3F30-4EE3-A844-CEAA3F745D21}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{B0700064-4B7D-4BB8-AF7B-19E86BAD1D5C}" = protocol=17 | dir=in | app=c:\users\nathaniel\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe |
"{B0A211EE-9A8D-4485-8C2B-7916E0D67C15}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B2672C81-DE47-46DB-AAD1-D0AA3D62D711}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8D3B9D0-B6A6-4100-856E-476A5AEEF6A8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BC844353-1BF3-4694-B30D-4D2834CFC8B3}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |
"{BD98856C-C756-4BE8-B655-4899FF07C378}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C38C5BA4-5412-4466-AABE-24E05B0F7ACD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5336367-E9FD-4339-AAE1-40DE3FBE6D5D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CD34504F-C065-4F28-8A92-9336DA43624E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D37D8559-4746-4D03-AB2B-4A8E0CDD28E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D84493D3-B578-42EB-AB4F-857FEFA346B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8B08CA1-1CE4-40FE-ABC8-F4B63C26DFA0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAD55DBB-743A-4452-8418-BAA5C46E7A8E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{DE9F7A3E-EB53-4E49-AF01-4AFD7D06EFE3}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |
"{E0CE9AF8-9BE0-4E43-B3CC-018D3C5A72E9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E2130473-43F5-48E9-BCDF-BAB5BBB22D7A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{E78FCB02-F813-4F21-BBE8-440A6596AA4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE3B3D8F-1193-4C28-B4E7-9138B9F6A849}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"TCP Query User{289122BA-6958-4061-8A4E-5D8F75DCD338}C:\program files\hd publishing\joint task force\jtf.exe" = protocol=6 | dir=in | app=c:\program files\hd publishing\joint task force\jtf.exe |
"TCP Query User{3D357AE6-BB82-401C-9D20-80A8F2E2F900}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{48E49891-1ECA-4D9D-A5A7-0CC0DD28DAD6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{64824C04-978D-4417-98F5-FA0F411E83CC}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{852DA798-5FDE-4222-95F9-247EBF75DAA9}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{97DFA48E-0B51-48ED-ABF7-C2D331398725}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{A2F93292-545B-4612-9B24-781EB21DC059}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{AA6E6F13-954A-445C-9514-0328F7552EB7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{CF904A91-B05F-46EF-A22E-A2E1B4BAECC4}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{DA9AD4C3-B7E1-4451-85F0-9665CD6C6651}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{E08CD0A0-630C-4655-91E7-2911F5EAEA30}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{0EFBB481-ED8A-453C-869C-32DB7D7EAC9A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{190C3FCC-F010-4C07-9230-7A58B5E634B1}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{3783A993-BCBC-4AEF-B18D-F5C6BA9A3192}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{4AC7F243-ED2E-4AE5-B7E9-FA337AFD13E1}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{4B472E0C-A822-47EE-A916-8E4B926FCCCF}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{52F9E5D4-1706-4EB3-B22E-041FD838FB04}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{88E45CE7-DEE1-4058-B03A-E68D2E882981}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8906C9EC-4F74-4B3D-B901-8EC4F6589AB2}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{DAD2C6FC-BF8F-4409-AC91-42E92EDF4B81}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{DBA991AA-E980-40F5-8C86-BC1ADDEA37D4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{E373271C-C53A-47C9-9C35-B9548A409BB7}C:\program files\hd publishing\joint task force\jtf.exe" = protocol=17 | dir=in | app=c:\program files\hd publishing\joint task force\jtf.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C104E56-A441-429D-A609-D8A46EB92EA1}" = PCMark05
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FB17451-D5A4-4651-AC17-A6713F7234BA}" = ASUS Hybrid Capture Device
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84FB24B0-9973-4370-B107-7C38DDF20ABC}" = Gamer HUD
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCB9DF93-537D-433D-AF3B-36025DEF5798}" = Joint Task Force
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"CCleaner" = CCleaner
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"PROSet" = Intel® Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Shop for HP Supplies" = Shop for HP Supplies
"Warcraft III" = Warcraft III
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-766394067-1362426571-2792811759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/11/2009 6:13:10 AM | Computer Name = Nathaniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/11/2009 6:44:13 AM | Computer Name = Nathaniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/11/2009 1:41:40 AM | Computer Name = Nathaniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/11/2009 1:49:54 AM | Computer Name = Nathaniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/11/2009 5:18:08 AM | Computer Name = Nathaniel-PC | Source = EventSystem | ID = 4609
Description =

Error - 29/11/2009 5:19:09 AM | Computer Name = Nathaniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/11/2009 5:19:13 AM | Computer Name = Nathaniel-PC | Source = Application Error | ID = 1000
Description = Faulting application bjhl0x5z.exe, version 1.0.15.15252, time stamp
0x4b07cc3d, faulting module bjhl0x5z.exe, version 1.0.15.15252, time stamp 0x4b07cc3d,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x5e8, application
start time 0x01ca70d4f80302c3.

Error - 29/11/2009 9:32:08 AM | Computer Name = Nathaniel-PC | Source = Application Error | ID = 1000
Description = Faulting application bjhl0x5z.exe, version 1.0.15.15252, time stamp
0x4b07cc3d, faulting module bjhl0x5z.exe, version 1.0.15.15252, time stamp 0x4b07cc3d,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x630, application
start time 0x01ca70f84dac47e3.

Error - 29/11/2009 9:35:27 AM | Computer Name = Nathaniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/11/2009 2:58:44 AM | Computer Name = Nathaniel-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 20/11/2009 11:36:14 PM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 20/11/2009 11:49:13 PM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 22/11/2009 6:25:31 AM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 27/11/2009 7:35:42 PM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 28/11/2009 2:22:20 AM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 28/11/2009 6:15:43 AM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 28/11/2009 6:46:46 AM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 29/11/2009 1:43:56 AM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 29/11/2009 1:52:19 AM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

Error - 29/11/2009 9:37:38 AM | Computer Name = Nathaniel-PC | Source = ehRecvr | ID = 4
Description =

[ System Events ]
Error - 14/09/2009 5:43:32 PM | Computer Name = Nathaniel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/09/2009 5:43:32 PM | Computer Name = Nathaniel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/09/2009 5:43:41 PM | Computer Name = Nathaniel-PC | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 14/09/2009 5:43:41 PM | Computer Name = Nathaniel-PC | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 17/09/2009 6:53:07 AM | Computer Name = Nathaniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:29:21 PM on 17/09/2009 was unexpected.

Error - 17/09/2009 6:55:02 AM | Computer Name = Nathaniel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17/09/2009 6:55:03 AM | Computer Name = Nathaniel-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17/09/2009 6:55:10 AM | Computer Name = Nathaniel-PC | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 17/09/2009 6:55:10 AM | Computer Name = Nathaniel-PC | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 19/09/2009 4:28:10 AM | Computer Name = Nathaniel-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Cheers,
Nathaniel

#10 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:18 PM

Posted 30 November 2009 - 05:28 PM

Hello,

Congratulations! You now appear clean!
Reinstall Bitdefender.

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>


  • The following will implement some very important cleanup procedures as well as reset System Restore points.
**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.

  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.

  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.


    Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install

  • Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.

  • Consider Firefox as your primary browser. It's safer, fast and secure!

  • Install WOT. Never inadvertently surf to a dangerous website again.

  • Consider running your browser Sandboxed with Sandboxie. You decide what actually gets into your OS!!

  • Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Kind Regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 Nasanireru
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:48 AM

Posted 01 December 2009 - 05:30 AM

Hey thcbytes,

Computer seems to be running normally again. Thank you for your awesome advice :(

Gratefully,
Nathaniel

#12 Nasanireru
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:48 AM

Posted 01 December 2009 - 04:11 PM

It's back :( I haven't downloaded anything but bitdefender just popped up with the same virus that originally infected my computer.

"Gen:Trojan.Packed.Heur.ui0eI@5ZvXo". Accessed by psi. Location: C:\ProgramData\BitDefender\Desktop\Quarantine\temp\sounds.dll

#13 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 01 December 2009 - 07:51 PM

Are you getting redirected or experiencing popups?

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click start->run->copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the textbox and press enter.
3. report.txt should be generated into same location with TDSSKiller.exe. Post contents of that report, please.

Also...
Please give BitDefender another run and post its detections.

Thanks,
~ t

Edited by thcbytes, 01 December 2009 - 08:10 PM.

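The three-step procedure in the reply above, written out as an added example (not from the original post and not TDSSKiller's own code): a PowerShell wrapper that runs the tool from the desktop with the same `-l report.txt -v` switches, waits for it to finish, and reads the report back so it can be pasted into a reply. It assumes TDSSKiller.exe has already been extracted to the current user's desktop and that PowerShell was started as administrator.

```powershell
# Added example: run TDSSKiller with the switches given in the reply and show its report.
# Assumes TDSSKiller.exe has already been extracted to the current user's desktop.
$desktop = Join-Path $env:USERPROFILE 'Desktop'
$tool    = Join-Path $desktop 'TDSSKiller.exe'
$report  = Join-Path $desktop 'report.txt'

if (-not (Test-Path $tool)) {
    throw "TDSSKiller.exe not found at $tool - extract TDSSKiller.zip to the desktop first."
}

# Remove a stale report so the file read back below is from this run only.
Remove-Item $report -ErrorAction SilentlyContinue

# -l <file> names the log; -v enables verbose output (both switches are from the reply above).
# -Wait blocks until the scan finishes; -WorkingDirectory keeps report.txt beside the exe.
Start-Process -FilePath $tool -ArgumentList '-l', 'report.txt', '-v' -WorkingDirectory $desktop -Wait

if (Test-Path $report) {
    # Print the report so its contents can be copied into the forum reply.
    Get-Content $report
} else {
    Write-Warning "No report.txt was produced; re-run the tool from an elevated prompt."
}
```

The script checks for the report in the same folder as the executable, which is where the reply says it should appear; if it is missing, the most common cause is the tool having been run without administrator rights.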

#14 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 04 December 2009 - 08:45 AM

Do you still desire assistance?

#15 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 10 December 2009 - 10:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.