Keylogger help


  • This topic is locked
16 replies to this topic

#1 brownieboy2

Posted 18 July 2010 - 02:44 PM

Hey all, I've recently been having trouble being key logged on World of Warcraft. Here is a Hijack log. Any help is much appreciated.

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\LimeWire\LimeWire.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Spyware Doctor\Alert.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Thanks!!

Edited by brownieboy2, 18 July 2010 - 02:46 PM.



#2 mpascal


Posted 25 July 2010 - 11:52 AM

Hi brownieboy2,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 brownieboy2


Posted 25 July 2010 - 10:01 PM

Hey mpascal,

Thank you for the response!

Starting tomorrow morning I will be going out of town until the 29th. During that time the computer will be turned off and untouched.

Please do not close the topic!

I have done as instructed except that when I saved OTL to my desktop and went to run it I received the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Any thoughts on this?

Here is MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4325

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/25/2010 7:08:56 PM
mbam-log-2010-07-25 (19-08-56).txt

Scan type: Quick scan
Objects scanned: 132967
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As for GMER, when I would go to start it I would receive this message: "C:\Windows\System32\Config\System: The process cannot access the file because it is being used by another process." Before running GMER I disabled all anti-vir, disconnected from the internet, and closed all processes. Is there something else I need to be doing?

It still allowed me to run the scan but when it was over there was no log. Only a message stating that no system modifications were found.

Sorry if I am doing things wrong, I'm not very tech savvy =/.

Thanks again,
Brown

Edited by brownieboy2, 25 July 2010 - 10:20 PM.


#4 mpascal


Posted 26 July 2010 - 12:08 AM

Hi Brown,

There seems to be a problem with the link I gave you, sorry about that. I'll give you a few other links to download OTL from instead. If you are able to get it running, run it using the instructions in my previous post.

http://www.itxassociates.com/OT-Tools/OTL.com
http://www.itxassociates.com/OT-Tools/OTL.exe



#5 brownieboy2


Posted 26 July 2010 - 01:43 AM

Mpascal,

Thank you, it worked fine this time around.

Here is the OTL log:

OTL logfile created on: 7/25/2010 11:32:02 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Brownie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
11.00 Gb Paging File | 9.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.86 Gb Total Space | 480.52 Gb Free Space | 82.16% Space Free | Partition Type: NTFS
Drive D: | 11.21 Gb Total Space | 1.61 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive E: | 677.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BROWNIE-PC
Current User Name: Brownie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Brownie\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Users\Brownie\Desktop\OTL.com (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 14:07:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/25 14:10:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/07/17 17:21:05 | 000,000,000 | ---D | M]

[2010/05/31 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Mozilla\Extensions
[2010/05/31 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/25 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Mozilla\Firefox\Profiles\3fdohx0u.default\extensions
[2010/07/25 14:09:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Brownie\AppData\Roaming\Mozilla\Firefox\Profiles\3fdohx0u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/29 17:50:16 | 000,002,425 | ---- | M] () -- C:\Users\Brownie\AppData\Roaming\Mozilla\Firefox\Profiles\3fdohx0u.default\searchplugins\askcom.xml
[2010/07/18 13:03:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/12 17:46:43 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/12 17:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/18 13:03:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 17:21:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/19 12:33:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Brownie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/19 12:33:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/06/14 13:27:24 | 000,914,498 | R--- | M] () - E:\Autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2002/04/11 16:02:58 | 000,192,512 | R--- | M] (Interplay Entertainment Corp.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/06/13 17:49:22 | 000,000,141 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3893e673-182d-11df-9fdc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3893e673-182d-11df-9fdc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2002/04/11 16:02:58 | 000,192,512 | R--- | M] (Interplay Entertainment Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 22:53:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Brownie\Desktop\OTL.com
[2010/07/25 14:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/07/25 14:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/07/21 00:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/07/21 00:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/07/19 12:33:55 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Threat Expert
[2010/07/19 12:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/07/19 12:32:30 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/07/18 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/18 13:02:59 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/18 13:02:59 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/18 13:02:59 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/18 12:29:44 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Malwarebytes
[2010/07/18 12:29:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/18 12:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/18 12:29:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/18 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/17 17:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/07/17 17:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/07/17 17:20:21 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/07/17 17:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/07/17 15:54:46 | 008,251,911 | ---- | C] (McAfee Inc.) -- C:\Users\Brownie\Desktop\stinger1001934.exe
[2010/07/17 15:19:16 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/07/17 15:12:16 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Sunbelt Software
[2010/07/17 15:11:23 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Google
[2010/07/17 15:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/07/17 15:11:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/17 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/07/17 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/07/13 12:56:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/02 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Documents\Dungeons and Dragons Online
[2010/07/02 16:58:29 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Turbine
[2010/07/02 16:57:52 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Turbine
[2010/07/02 16:54:34 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\ApplicationHistory
[2010/07/02 16:53:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/07/02 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2010/07/02 15:03:03 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Desktop\DDO high res install files
[2010/07/02 02:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Isle
[2010/07/01 05:37:56 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Template
[2010/06/28 14:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/27 17:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 23:32:17 | 001,310,720 | -HS- | M] () -- C:\Users\Brownie\NTUSER.DAT
[2010/07/25 23:16:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/25 22:53:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Brownie\Desktop\OTL.com
[2010/07/25 19:13:10 | 000,293,376 | ---- | M] () -- C:\Users\Brownie\Desktop\ouq7ulp8.exe
[2010/07/25 18:56:48 | 000,000,000 | ---- | M] () -- C:\Users\Brownie\defogger_reenable
[2010/07/25 15:16:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/25 14:45:14 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrownie.job
[2010/07/25 14:09:10 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 14:09:10 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 14:01:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/25 14:01:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/25 14:01:25 | 329,166,847 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/25 04:00:42 | 002,380,135 | -H-- | M] () -- C:\Users\Brownie\AppData\Local\IconCache.db
[2010/07/22 12:52:15 | 000,000,223 | ---- | M] () -- C:\Users\Brownie\Desktop\stinger1001934.opt
[2010/07/21 00:50:52 | 000,000,219 | ---- | M] () -- C:\Users\Brownie\Desktop\Alien Swarm.url
[2010/07/21 00:49:58 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/19 13:46:34 | 000,110,126 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.0
[2010/07/19 13:46:34 | 000,110,083 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.JPG
[2010/07/19 12:33:44 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/18 12:56:47 | 000,001,867 | ---- | M] () -- C:\Users\Brownie\Desktop\avp - Shortcut.lnk
[2010/07/18 12:29:29 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 00:49:10 | 000,013,818 | ---- | M] () -- C:\Users\Brownie\Desktop\hijackthis2
[2010/07/17 18:48:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/07/17 18:48:49 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/17 17:35:28 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/07/17 17:35:27 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/07/17 17:35:27 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/07/17 15:54:48 | 008,251,911 | ---- | M] (McAfee Inc.) -- C:\Users\Brownie\Desktop\stinger1001934.exe
[2010/07/17 15:53:06 | 000,000,036 | ---- | M] () -- C:\Users\Brownie\AppData\Local\housecall.guid.cache
[2010/07/17 15:11:56 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/07/17 15:11:56 | 000,002,241 | ---- | M] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/17 15:11:18 | 000,001,168 | ---- | M] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/17 15:11:18 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/12 01:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/07/12 01:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/07/02 17:45:07 | 000,000,640 | ---- | M] () -- C:\Users\Brownie\Desktop\Dungeons & Dragons Online¸¸® Eberron Unlimited™ - Shortcut.lnk
[2010/07/02 16:57:54 | 000,000,095 | ---- | M] () -- C:\Users\Brownie\AppData\Local\fusioncache.dat
[2010/07/02 16:54:16 | 000,821,238 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 16:54:16 | 000,679,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/02 16:54:16 | 000,127,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/02 02:28:19 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Icewind Dale II.lnk
[2010/07/01 05:53:15 | 000,008,704 | ---- | M] () -- C:\Users\Brownie\Desktop\Coach emails.wps
[2010/07/01 05:53:15 | 000,000,098 | ---- | M] () -- C:\Users\Brownie\AppData\Roaming\wklnhst.dat
[2010/06/28 15:00:12 | 000,011,308 | ---- | M] () -- C:\Users\Brownie\Desktop\hijackthis1
[2010/06/28 14:44:33 | 000,002,095 | ---- | M] () -- C:\Users\Brownie\Desktop\HijackThis.lnk
[2010/06/27 16:40:16 | 000,802,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 19:13:10 | 000,293,376 | ---- | C] () -- C:\Users\Brownie\Desktop\ouq7ulp8.exe
[2010/07/25 18:56:48 | 000,000,000 | ---- | C] () -- C:\Users\Brownie\defogger_reenable
[2010/07/21 00:50:52 | 000,000,219 | ---- | C] () -- C:\Users\Brownie\Desktop\Alien Swarm.url
[2010/07/21 00:46:30 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/19 13:46:34 | 000,110,083 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.JPG
[2010/07/19 12:33:44 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/07/19 03:16:29 | 000,000,223 | ---- | C] () -- C:\Users\Brownie\Desktop\stinger1001934.opt
[2010/07/18 12:56:47 | 000,001,867 | ---- | C] () -- C:\Users\Brownie\Desktop\avp - Shortcut.lnk
[2010/07/18 12:29:29 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 00:49:10 | 000,013,818 | ---- | C] () -- C:\Users\Brownie\Desktop\hijackthis2
[2010/07/17 17:21:21 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/07/17 17:21:21 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/07/17 15:53:06 | 000,000,036 | ---- | C] () -- C:\Users\Brownie\AppData\Local\housecall.guid.cache
[2010/07/17 15:28:28 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/07/17 15:11:56 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/07/17 15:11:56 | 000,002,241 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/17 15:11:30 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/17 15:11:28 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/17 15:11:18 | 000,001,168 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/17 15:11:18 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/11 23:12:03 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBrownie.job
[2010/07/02 17:45:07 | 000,000,640 | ---- | C] () -- C:\Users\Brownie\Desktop\Dungeons & Dragons Online¸¸® Eberron Unlimited™ - Shortcut.lnk
[2010/07/02 16:57:54 | 000,000,095 | ---- | C] () -- C:\Users\Brownie\AppData\Local\fusioncache.dat
[2010/07/02 02:28:19 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Icewind Dale II.lnk
[2010/07/01 05:43:29 | 000,008,704 | ---- | C] () -- C:\Users\Brownie\Desktop\Coach emails.wps
[2010/07/01 05:37:35 | 000,000,098 | ---- | C] () -- C:\Users\Brownie\AppData\Roaming\wklnhst.dat
[2010/06/28 15:00:12 | 000,011,308 | ---- | C] () -- C:\Users\Brownie\Desktop\hijackthis1
[2010/06/28 14:44:33 | 000,002,095 | ---- | C] () -- C:\Users\Brownie\Desktop\HijackThis.lnk
[2010/06/27 16:45:20 | 000,110,126 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.0
[2010/05/20 18:28:58 | 000,821,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/15 12:13:29 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/25 14:01:25 | 000,002,170 | ---- | M] () -- C:\aaw7boot.log
[2010/07/19 12:33:44 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/05/20 18:40:43 | 000,000,500 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/07/25 14:01:25 | 329,166,847 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/25 14:01:26 | 1870,544,895 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >


#6 mpascal

Posted 26 July 2010 - 02:16 AM

Hi there,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 brownieboy2

Posted 26 July 2010 - 04:00 AM

Mpascal,

The OTL worked fine and I rebooted after completion.

Here is the MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4350

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/26/2010 1:45:37 AM
mbam-log-2010-07-26 (01-45-37).txt

Scan type: Quick scan
Objects scanned: 132132
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Brownie\downloads\OTL.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


The Kaspersky program would not download. I'm guessing this is because I already downloaded the newest Kaspersky version (trial) when my computer first showed signs of infection.

"The program could not be started.The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

[ERROR: java.lang.RuntimeException: Kaspersky Online Scanner 7.0 cannot be started because this computer has Kaspersky Internet Security 8.0 (9.0) installed.]"

Thanks,
Brown


#8 mpascal

Posted 26 July 2010 - 09:19 AM

Hi there,

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push


#9 brownieboy2

Posted 26 July 2010 - 01:07 PM

Mpascal,

I started the download and scan but it looks like it isn't going to finish before I have to leave. I'm going to abort the scan and turn off my computer. When I get back home on the 29th I will run it and post the log.

~Brown

#10 mpascal

Posted 26 July 2010 - 01:11 PM

Okay, sounds good, I'll keep your topic open.


#11 brownieboy2

Posted 30 July 2010 - 02:10 PM

Mpascal,

It finally ended after 14 hours and it said no threats found. There was no option to open a log. After it ended there was only the option to uninstall it from my computer or press finish. After pressing finish a screen popped up asking me to download another 30-day free trial or purchase the full version. I'm guessing all that matters is that there were no threats found.

Brown

Edited by brownieboy2, 30 July 2010 - 04:14 PM.


#12 mpascal

Posted 30 July 2010 - 10:19 PM

Hi there,

Are you still having any problems at all?

Open up OTL and push the Quickscan button. Post the resulting log here.


#13 brownieboy2

Posted 30 July 2010 - 11:04 PM

Mpascal,

Here is the log.

OTL logfile created on: 7/30/2010 8:53:35 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Brownie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
11.00 Gb Paging File | 9.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.86 Gb Total Space | 480.40 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive D: | 11.21 Gb Total Space | 1.61 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
Drive E: | 677.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BROWNIE-PC
Current User Name: Brownie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Brownie\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Users\Brownie\Desktop\OTL.com (OldTimer Tools)
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 14:07:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/26 01:34:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/07/17 17:21:05 | 000,000,000 | ---D | M]

[2010/05/31 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Mozilla\Extensions
[2010/05/31 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/26 01:36:24 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Mozilla\Firefox\Profiles\3fdohx0u.default\extensions
[2010/06/29 17:50:16 | 000,002,425 | ---- | M] () -- C:\Users\Brownie\AppData\Roaming\Mozilla\Firefox\Profiles\3fdohx0u.default\searchplugins\askcom.xml
[2010/07/18 13:03:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/12 17:46:43 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/12 17:21:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/18 13:03:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 17:21:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/19 12:33:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Brownie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/19 12:33:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/06/14 13:27:24 | 000,914,498 | R--- | M] () - E:\Autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2002/04/11 16:02:58 | 000,192,512 | R--- | M] (Interplay Entertainment Corp.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/06/13 17:49:22 | 000,000,141 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3893e673-182d-11df-9fdc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3893e673-182d-11df-9fdc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2002/04/11 16:02:58 | 000,192,512 | R--- | M] (Interplay Entertainment Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/26 10:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/07/26 01:30:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/25 22:53:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Brownie\Desktop\OTL.com
[2010/07/21 00:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/07/21 00:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/07/19 12:33:55 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Threat Expert
[2010/07/19 12:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/07/18 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/18 13:02:59 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/18 13:02:59 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/18 13:02:59 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/18 12:29:44 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Malwarebytes
[2010/07/18 12:29:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/18 12:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/18 12:29:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/18 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/17 17:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/07/17 17:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/07/17 17:20:21 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/07/17 17:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/07/17 15:54:46 | 008,251,911 | ---- | C] (McAfee Inc.) -- C:\Users\Brownie\Desktop\stinger1001934.exe
[2010/07/17 15:19:16 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/07/17 15:12:16 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Sunbelt Software
[2010/07/17 15:11:23 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Google
[2010/07/17 15:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/07/17 15:11:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/17 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/07/17 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/07/02 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Documents\Dungeons and Dragons Online
[2010/07/02 16:58:29 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Turbine
[2010/07/02 16:57:52 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Turbine
[2010/07/02 16:54:34 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\ApplicationHistory
[2010/07/02 16:53:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/07/02 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2010/07/02 15:03:03 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Desktop\DDO high res install files
[2010/07/02 02:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Isle
[2010/07/01 05:37:56 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Template
[2010/06/28 14:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/27 17:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/06/21 16:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bronze Disc Burner
[2010/06/08 18:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/06/07 01:24:10 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\LolClient
[2010/06/07 01:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/07 01:22:16 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/07 01:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeagueOfLegends6.1
[2010/06/07 01:10:51 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\PMB Files
[2010/06/07 01:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/06/07 01:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/06/01 00:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/06/01 00:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010/06/01 00:18:03 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Desktop\Burn
[2010/06/01 00:12:22 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/06/01 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/05/31 15:08:04 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Documents\LimeWire
[2010/05/31 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\LimeWire
[2010/05/31 15:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/05/31 15:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2010/05/31 14:34:20 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Desktop\Itunes
[2010/05/31 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Apple Computer
[2010/05/31 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Apple Computer
[2010/05/31 14:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/31 14:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/31 14:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/31 14:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/05/31 14:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/05/31 14:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/31 14:23:54 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Apple
[2010/05/31 14:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/05/31 14:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/31 14:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/31 14:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/31 14:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/31 14:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/05/31 13:01:27 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Documents\Updater5
[2010/05/24 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\CyberLink
[2010/05/24 00:46:49 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\PowerCinema
[2010/05/23 02:30:48 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2010/05/20 18:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2010/05/20 18:36:34 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\hpqLog
[2010/05/20 18:30:41 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\HP Support Assistant
[2010/05/20 18:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Small Business
[2010/05/20 18:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/05/20 18:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/05/20 18:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/05/20 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Desktop\Downloads
[2010/05/20 18:13:53 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\GetRightToGo
[2010/05/19 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Desktop\New
[2010/05/18 00:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
[2010/05/18 00:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
[2010/05/18 00:21:41 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Seven Zip
[2010/05/18 00:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/05/18 00:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/05/18 00:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/18 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Microsoft Help
[2010/05/18 00:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/18 00:19:03 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/15 12:16:52 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Ventrilo
[2010/05/15 12:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo
[2010/05/15 12:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/05/15 00:33:51 | 000,000,000 | ---D | C] -- C:\Users\Brownie\Documents\Neverwinter Nights 2
[2010/05/15 00:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2010/05/15 00:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total War
[2010/05/14 23:59:20 | 000,000,000 | ---D | C] -- C:\Diablo II
[2010/05/14 23:17:14 | 000,000,000 | ---D | C] -- C:\Users\Brownie\D2-1.12A-enUS
[2010/05/14 18:22:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/14 18:22:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/14 01:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/05/13 23:42:23 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\CrashDumps
[2010/05/13 17:46:41 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\WinBatch
[2010/05/13 17:15:39 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\HpUpdate
[2010/05/13 01:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/05/12 23:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/12 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Blizzard Entertainment
[2010/05/12 17:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/05/12 17:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/05/12 17:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/05/12 17:50:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/05/12 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\skypePM
[2010/05/12 17:47:04 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Skype
[2010/05/12 17:46:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/05/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/05/12 17:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/05/12 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Diagnostics
[2010/05/12 17:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/12 17:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/05/12 17:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/05/12 17:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/05/12 17:21:00 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010/05/12 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/05/12 17:18:42 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Mozilla
[2010/05/12 17:18:42 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Mozilla
[2010/05/12 17:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/05/12 17:14:59 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Macromedia
[2010/05/12 17:14:59 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Adobe
[2010/05/12 17:14:57 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Adobe
[2010/05/12 17:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/05/12 17:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/05/12 17:07:16 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\ATI
[2010/05/12 17:07:16 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\ATI
[2010/05/12 17:06:15 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\PictureMover
[2010/05/12 17:05:59 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Searches
[2010/05/12 17:05:58 | 000,000,000 | -H-D | C] -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/05/12 17:05:51 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Identities
[2010/05/12 17:05:49 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Contacts
[2010/05/12 17:05:48 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\VirtualStore
[2010/05/12 17:01:24 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Hewlett-Packard
[2010/05/12 17:01:17 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Hewlett-Packard
[2010/05/12 17:00:39 | 000,000,000 | --SD | C] -- C:\Users\Brownie\AppData\Roaming\Microsoft
[2010/05/12 17:00:39 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Favorites
[2010/05/12 17:00:39 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Downloads
[2010/05/12 17:00:39 | 000,000,000 | R--D | C] -- C:\Users\Brownie\My Documents
[2010/05/12 17:00:39 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Desktop
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\AppData\Local\Temporary Internet Files
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Templates
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Start Menu
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\SendTo
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Recent
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\PrintHood
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\NetHood
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Documents\My Videos
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Documents\My Pictures
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Documents\My Music
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\My Documents
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Local Settings
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\AppData\Local\History
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Cookies
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\Application Data
[2010/05/12 17:00:39 | 000,000,000 | -HSD | C] -- C:\Users\Brownie\AppData\Local\Application Data
[2010/05/12 17:00:39 | 000,000,000 | -H-D | C] -- C:\Users\Brownie\AppData
[2010/05/12 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Temp
[2010/05/12 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\Microsoft
[2010/05/12 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Roaming\Media Center Programs
[2010/05/12 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Brownie\AppData\Local\HuluDesktop
[2010/05/12 17:00:38 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Videos
[2010/05/12 17:00:38 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Saved Games
[2010/05/12 17:00:38 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Pictures
[2010/05/12 17:00:38 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Music
[2010/05/12 17:00:38 | 000,000,000 | R--D | C] -- C:\Users\Brownie\Links

========== Files - Modified Within 90 Days ==========

[2010/07/30 20:55:23 | 001,310,720 | -HS- | M] () -- C:\Users\Brownie\NTUSER.DAT
[2010/07/30 20:16:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/30 16:17:20 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/07/30 15:16:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/30 11:51:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/29 23:41:20 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/07/29 23:41:20 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/07/26 19:33:05 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 19:33:05 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/26 19:27:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/26 19:27:30 | 329,166,847 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 11:08:37 | 002,384,215 | -H-- | M] () -- C:\Users\Brownie\AppData\Local\IconCache.db
[2010/07/26 10:34:21 | 002,672,312 | ---- | M] () -- C:\Users\Brownie\Desktop\esetsmartinstaller_enu.exe
[2010/07/26 01:32:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrownie.job
[2010/07/25 22:53:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Brownie\Desktop\OTL.com
[2010/07/25 19:13:10 | 000,293,376 | ---- | M] () -- C:\Users\Brownie\Desktop\ouq7ulp8.exe
[2010/07/25 18:56:48 | 000,000,000 | ---- | M] () -- C:\Users\Brownie\defogger_reenable
[2010/07/22 12:52:15 | 000,000,223 | ---- | M] () -- C:\Users\Brownie\Desktop\stinger1001934.opt
[2010/07/21 00:50:52 | 000,000,219 | ---- | M] () -- C:\Users\Brownie\Desktop\Alien Swarm.url
[2010/07/21 00:49:58 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/19 13:46:34 | 000,110,126 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.0
[2010/07/19 13:46:34 | 000,110,083 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.JPG
[2010/07/19 12:33:44 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/18 12:56:47 | 000,001,867 | ---- | M] () -- C:\Users\Brownie\Desktop\avp - Shortcut.lnk
[2010/07/18 12:29:29 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 00:49:10 | 000,013,818 | ---- | M] () -- C:\Users\Brownie\Desktop\hijackthis2
[2010/07/17 18:48:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/07/17 18:48:49 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/17 17:35:28 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/07/17 15:54:48 | 008,251,911 | ---- | M] (McAfee Inc.) -- C:\Users\Brownie\Desktop\stinger1001934.exe
[2010/07/17 15:53:06 | 000,000,036 | ---- | M] () -- C:\Users\Brownie\AppData\Local\housecall.guid.cache
[2010/07/17 15:11:56 | 000,002,241 | ---- | M] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/17 15:11:18 | 000,001,168 | ---- | M] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/17 15:11:18 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/12 01:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/07/12 01:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/07/02 17:45:07 | 000,000,640 | ---- | M] () -- C:\Users\Brownie\Desktop\Dungeons & Dragons Online¸¸® Eberron Unlimited™ - Shortcut.lnk
[2010/07/02 16:57:54 | 000,000,095 | ---- | M] () -- C:\Users\Brownie\AppData\Local\fusioncache.dat
[2010/07/02 16:54:16 | 000,821,238 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/02 16:54:16 | 000,679,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/02 16:54:16 | 000,127,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/02 02:28:19 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Icewind Dale II.lnk
[2010/07/01 05:53:15 | 000,008,704 | ---- | M] () -- C:\Users\Brownie\Desktop\Coach emails.wps
[2010/07/01 05:53:15 | 000,000,098 | ---- | M] () -- C:\Users\Brownie\AppData\Roaming\wklnhst.dat
[2010/06/28 15:00:12 | 000,011,308 | ---- | M] () -- C:\Users\Brownie\Desktop\hijackthis1
[2010/06/28 14:44:33 | 000,002,095 | ---- | M] () -- C:\Users\Brownie\Desktop\HijackThis.lnk
[2010/06/27 16:40:16 | 000,802,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010/06/15 14:17:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 13:04:03 | 000,438,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/08 18:43:04 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/06/07 01:23:50 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/01 00:20:32 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2010/06/01 00:12:23 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/05/31 15:08:06 | 000,001,863 | ---- | M] () -- C:\Users\Brownie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/05/31 15:07:25 | 000,001,917 | ---- | M] () -- C:\Users\Brownie\Desktop\LimeWire 5.5.9.lnk
[2010/05/31 14:24:08 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/24 18:32:29 | 000,826,413 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpMATT BRIDGE 052310.JPG
[2010/05/24 18:31:55 | 003,743,801 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpMATT BRIDGE 052310.0
[2010/05/24 01:07:33 | 000,272,089 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpDSC00089_CROP.JPG
[2010/05/24 00:59:38 | 000,250,375 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpDSC00090_CROP.JPG
[2010/05/24 00:57:59 | 004,080,230 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpDSC00090.JPG
[2010/05/24 00:57:10 | 000,964,301 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpDSC00089.JPG
[2010/05/24 00:57:09 | 004,004,936 | ---- | M] () -- C:\Users\Brownie\AppData\Local\tmpDSC00089.0
[2010/05/22 16:17:49 | 000,116,112 | ---- | M] () -- C:\Users\Brownie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/21 02:28:03 | 000,000,945 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2010/05/21 02:14:20 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/05/21 01:01:06 | 000,011,445 | ---- | M] () -- C:\Users\Brownie\Documents\archreport1.docx
[2010/05/21 00:51:51 | 017,262,033 | ---- | M] () -- C:\Users\Brownie\Documents\Architecture Through the Ages.pptx
[2010/05/18 00:21:46 | 000,002,285 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2010/05/15 19:21:12 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/15 19:21:12 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/15 12:13:32 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/12 23:52:58 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/05/12 17:49:01 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/05/12 17:18:40 | 000,001,965 | ---- | M] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/12 17:18:40 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/12 17:14:39 | 000,001,439 | ---- | M] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/12 17:12:04 | 000,000,355 | ---- | M] () -- C:\Users\Brownie\Desktop\Computer - Shortcut.lnk
[2010/05/12 17:07:40 | 000,524,288 | -HS- | M] () -- C:\Users\Brownie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/12 17:07:40 | 000,524,288 | -HS- | M] () -- C:\Users\Brownie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 17:07:40 | 000,065,536 | -HS- | M] () -- C:\Users\Brownie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/12 17:06:09 | 000,001,411 | ---- | M] () -- C:\Users\Brownie\Desktop\Internet Explorer (64-bit).lnk
[2010/05/12 17:01:05 | 000,001,797 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_AY614AA-ABA p6347c_YC_0Pavi_QMXU006_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.05_T091026_WUH0_L409_M5880_J640_7AMD_8Athlon II X4 630_92.8_#_N10EC8168_Z_G10029710_Ohp DVD A DH16AAL SCSI CdRom Device.MRK
[2010/05/12 17:01:05 | 000,001,797 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_AY614AA-ABA p6347c_YC_0Pavi_QMXU006_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.05_T091026_WUH0_L409_M5880_J640_7AMD_8Athlon II X4 630_92.8_#_N10EC8168_Z_G10029710_Ohp DVD A DH16AAL SCSI CdRom Device.MRK
[2010/05/12 17:00:39 | 000,000,020 | -HS- | M] () -- C:\Users\Brownie\ntuser.ini
[2010/05/12 16:59:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/05/12 16:59:38 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2010/07/26 10:34:10 | 002,672,312 | ---- | C] () -- C:\Users\Brownie\Desktop\esetsmartinstaller_enu.exe
[2010/07/25 19:13:10 | 000,293,376 | ---- | C] () -- C:\Users\Brownie\Desktop\ouq7ulp8.exe
[2010/07/25 18:56:48 | 000,000,000 | ---- | C] () -- C:\Users\Brownie\defogger_reenable
[2010/07/21 00:50:52 | 000,000,219 | ---- | C] () -- C:\Users\Brownie\Desktop\Alien Swarm.url
[2010/07/21 00:46:30 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/19 13:46:34 | 000,110,083 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.JPG
[2010/07/19 12:33:44 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/07/19 03:16:29 | 000,000,223 | ---- | C] () -- C:\Users\Brownie\Desktop\stinger1001934.opt
[2010/07/18 12:56:47 | 000,001,867 | ---- | C] () -- C:\Users\Brownie\Desktop\avp - Shortcut.lnk
[2010/07/18 12:29:29 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 00:49:10 | 000,013,818 | ---- | C] () -- C:\Users\Brownie\Desktop\hijackthis2
[2010/07/17 17:21:21 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/07/17 17:21:21 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/07/17 15:53:06 | 000,000,036 | ---- | C] () -- C:\Users\Brownie\AppData\Local\housecall.guid.cache
[2010/07/17 15:28:28 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/07/17 15:11:56 | 000,002,342 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/07/17 15:11:56 | 000,002,241 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/17 15:11:30 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/17 15:11:28 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/17 15:11:18 | 000,001,168 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/17 15:11:18 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/11 23:12:03 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBrownie.job
[2010/07/02 17:45:07 | 000,000,640 | ---- | C] () -- C:\Users\Brownie\Desktop\Dungeons & Dragons Online¸¸® Eberron Unlimited™ - Shortcut.lnk
[2010/07/02 16:57:54 | 000,000,095 | ---- | C] () -- C:\Users\Brownie\AppData\Local\fusioncache.dat
[2010/07/02 02:28:19 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Icewind Dale II.lnk
[2010/07/01 05:43:29 | 000,008,704 | ---- | C] () -- C:\Users\Brownie\Desktop\Coach emails.wps
[2010/07/01 05:37:35 | 000,000,098 | ---- | C] () -- C:\Users\Brownie\AppData\Roaming\wklnhst.dat
[2010/06/28 15:00:12 | 000,011,308 | ---- | C] () -- C:\Users\Brownie\Desktop\hijackthis1
[2010/06/28 14:44:33 | 000,002,095 | ---- | C] () -- C:\Users\Brownie\Desktop\HijackThis.lnk
[2010/06/27 16:45:20 | 000,110,126 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpCP1_0524001715.0
[2010/06/15 14:17:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/08 18:43:04 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/06/07 01:23:50 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/01 00:20:32 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2010/06/01 00:12:23 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/05/31 15:08:06 | 000,001,863 | ---- | C] () -- C:\Users\Brownie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/05/31 15:07:25 | 000,001,917 | ---- | C] () -- C:\Users\Brownie\Desktop\LimeWire 5.5.9.lnk
[2010/05/31 14:25:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/31 14:24:08 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/24 18:31:55 | 003,743,801 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpMATT BRIDGE 052310.0
[2010/05/24 18:31:55 | 000,826,413 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpMATT BRIDGE 052310.JPG
[2010/05/24 01:07:33 | 000,272,089 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpDSC00089_CROP.JPG
[2010/05/24 00:59:38 | 000,250,375 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpDSC00090_CROP.JPG
[2010/05/24 00:57:59 | 004,080,230 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpDSC00090.JPG
[2010/05/24 00:57:10 | 000,964,301 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpDSC00089.JPG
[2010/05/24 00:57:09 | 004,004,936 | ---- | C] () -- C:\Users\Brownie\AppData\Local\tmpDSC00089.0
[2010/05/21 00:52:07 | 000,011,445 | ---- | C] () -- C:\Users\Brownie\Documents\archreport1.docx
[2010/05/20 23:01:10 | 017,262,033 | ---- | C] () -- C:\Users\Brownie\Documents\Architecture Through the Ages.pptx
[2010/05/20 18:28:58 | 000,821,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/18 00:21:46 | 000,002,285 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2010/05/15 12:13:29 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/12 17:49:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/12 17:46:34 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/05/12 17:21:05 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/05/12 17:21:05 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/12 17:18:40 | 000,001,965 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/12 17:18:40 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/12 17:14:39 | 000,001,439 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/12 17:12:32 | 000,000,544 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/05/12 17:12:04 | 000,000,355 | ---- | C] () -- C:\Users\Brownie\Desktop\Computer - Shortcut.lnk
[2010/05/12 17:06:09 | 000,001,411 | ---- | C] () -- C:\Users\Brownie\Desktop\Internet Explorer (64-bit).lnk
[2010/05/12 17:01:09 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/05/12 17:01:03 | 000,001,797 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_AY614AA-ABA p6347c_YC_0Pavi_QMXU006_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.05_T091026_WUH0_L409_M5880_J640_7AMD_8Athlon II X4 630_92.8_#_N10EC8168_Z_G10029710_Ohp DVD A DH16AAL SCSI CdRom Device.MRK
[2010/05/12 17:01:03 | 000,001,797 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_AY614AA-ABA p6347c_YC_0Pavi_QMXU006_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.05_T091026_WUH0_L409_M5880_J640_7AMD_8Athlon II X4 630_92.8_#_N10EC8168_Z_G10029710_Ohp DVD A DH16AAL SCSI CdRom Device.MRK
[2010/05/12 17:00:39 | 000,524,288 | -HS- | C] () -- C:\Users\Brownie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/12 17:00:39 | 000,524,288 | -HS- | C] () -- C:\Users\Brownie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 17:00:39 | 000,262,144 | -HS- | C] () -- C:\Users\Brownie\ntuser.dat.LOG1
[2010/05/12 17:00:39 | 000,065,536 | -HS- | C] () -- C:\Users\Brownie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/12 17:00:39 | 000,000,290 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/05/12 17:00:39 | 000,000,272 | ---- | C] () -- C:\Users\Brownie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/05/12 17:00:39 | 000,000,020 | -HS- | C] () -- C:\Users\Brownie\ntuser.ini
[2010/05/12 17:00:39 | 000,000,000 | -HS- | C] () -- C:\Users\Brownie\ntuser.dat.LOG2
[2010/05/12 17:00:38 | 001,310,720 | -HS- | C] () -- C:\Users\Brownie\NTUSER.DAT
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/20 18:30:28 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\GetRightToGo
[2010/07/30 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\LimeWire
[2010/06/07 01:24:10 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\LolClient
[2010/05/12 17:06:17 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\PictureMover
[2010/07/01 05:37:56 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Template
[2010/07/02 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\Turbine
[2010/05/13 17:46:41 | 000,000,000 | ---D | M] -- C:\Users\Brownie\AppData\Roaming\WinBatch
[2010/05/12 23:52:58 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/13 22:08:49 | 000,015,880 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >


Thanks again.

#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:12:37 AM

Posted 31 July 2010 - 11:33 PM

Everything looks good to me. How's everything running on your end?


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#15 brownieboy2

brownieboy2
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 05 August 2010 - 03:45 PM

Mpascal,

Waited a couple days just to see if everything was working fine and it seems great.

Thanks for all of your help,
Brown



