Security Suite Rogue Antivirus


  • This topic is locked
40 replies to this topic

#1 Rewster

  • Members
  • 204 posts

Posted 14 August 2010 - 12:37 PM

I was watching videos with Megavideo when a website that popped up after clicking the player was blocked by Firefox, due to being listed as an attack site. I simply closed out of the website, thinking nothing of it. Now, half an hour later, numerous windows popped up asking to run CMD, and an unknown .exe was asking permission to load. These would pop up without stop, no matter how many times I closed them.

I am infected by Security Suite rogue antivirus, and it will not let me do anything outside of Safe Mode. I looked in the uninstall list, and it doesn't seem to be listed.

I also am having trouble with GMER, as it will have all of the boxes greyed out, and only lets me have these options checked: Services, Registry, Files, C:\, and ADS.

-Just finished an MBAM Full scan, 24 infected files found. Attaching log.


DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by home at 12:38:29.65 on Sat 08/14/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.2938 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\home\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0309&m=dx4200-09
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: SearchHelper Class: {91c18ed5-5e1c-4ae5-a148-a861de8c8e16} - c:\program files (x86)\sgpsa\mtwb3sh.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files (x86)\sgpsa\BHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BitTorrent DNA] "c:\users\home\program files (x86)\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Dfipokezezocoho] rundll32.exe "c:\users\home\appdata\local\we4032.dll",Startup
uRun: [kalaxrit] c:\users\home\appdata\local\houiphcfm\qhkdcacshdw.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [Smart Copy] "c:\program files (x86)\ioi\smart copy\ButtonMonitor.exe" -A
mRun: [eRecoveryService]
mRun: [P2Go_Menu] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Bar] c:\users\home\appdata\local\microsoft\windows\temporary internet files\content.ie5\sadfc401\access[1].exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

================= FIREFOX ===================

FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\mrnquo48.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={DEE19A75-FA34-7C4C-0E35-882E4B316E7B}&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\home\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\home\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\home\program files (x86)\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\navx64\1008000.029\SymEFA64.sys [2010-1-27 402992]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2008-8-5 392192]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\navx64\1008000.029\BHDrvx64.sys [2010-1-27 334384]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\navx64\1008000.029\cchpx64.sys [2010-1-27 583296]
S1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100520.001\IDSviA64.sys [2009-10-28 466992]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ETService;Empowering Technology Service;c:\program files\gateway\gateway recovery management\service\ETService.exe [2009-3-25 24576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-2 135664]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files (x86)\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-1-27 117640]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 132656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB64.sys [2007-4-3 1418112]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\navx64\1008000.029\symndisv.sys [2010-1-27 56880]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-5-31 93184]

=============== Created Last 30 ================

2010-08-14 17:13:51 0 d-----w- c:\programdata\Update
2010-08-14 17:13:15 0 d-----w- c:\users\home\appdata\roaming\2B2CF94012581557DBFF5E801EB42A26
2010-08-14 00:34:14 0 d-----w- c:\program files (x86)\AC Tool
2010-08-13 23:35:14 55 ----a-w- c:\windows\SpeederXP.INI
2010-08-11 03:46:22 0 d-----w- c:\program files\iPod
2010-08-11 03:46:20 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-08-11 03:46:20 0 d-----w- c:\program files\iTunes
2010-08-11 03:46:20 0 d-----w- c:\program files (x86)\iTunes
2010-08-11 03:39:14 0 d-----w- c:\program files\Bonjour
2010-08-11 03:39:14 0 d-----w- c:\program files (x86)\Bonjour
2010-08-11 03:32:31 0 d-----w- c:\programdata\Yahoo! Companion
2010-08-11 03:32:06 0 d-----w- c:\programdata\Yahoo!
2010-08-11 03:29:38 0 d-----w- c:\program files (x86)\Yahoo!
2010-08-11 01:17:37 0 ----a-w- c:\users\home\defogger_reenable
2010-08-07 19:03:24 0 d-----w- c:\program files (x86)\DRGunZ 3.0
2010-08-07 02:13:09 0 d-----w- c:\users\home\appdata\roaming\gunz-mrb
2010-08-05 21:12:09 0 d-----w- c:\program files (x86)\Trinity GunZ
2010-08-03 01:15:12 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-31 00:26:03 0 d-----w- C:\Fraps
2010-07-31 00:17:48 347 ----a-w- c:\windows\wininit.ini
2010-07-31 00:17:47 0 d-----w- c:\users\home\appdata\roaming\BitTorrent
2010-07-31 00:17:43 0 d-----w- c:\program files (x86)\BitTorrent
2010-07-27 22:58:09 32 ----a-w- c:\windows\GunzLauncher.INI
2010-07-27 22:51:43 0 d-----w- c:\program files (x86)\Freestyle GunZ
2010-07-27 02:30:49 77358 ----a-w- c:\windows\syswow64\wbers.dat.dmp
2010-07-27 02:30:14 3731176 ----a-w- c:\windows\syswow64\GameMon.des
2010-07-27 02:29:47 5174 ----a-w- c:\windows\syswow64\nppt9x.vxd
2010-07-27 02:29:47 4682 ----a-w- c:\windows\syswow64\npptNT2.sys
2010-07-27 02:29:20 0 d-----w- c:\program files\common files\INCA Shared
2010-07-27 02:22:20 9728 ----a-w- c:\windows\syswow64\uc_karos_launching.dll
2010-07-27 02:22:20 64000 ----a-w- c:\windows\syswow64\uc_sfighters_launching.dll
2010-07-27 02:22:20 53248 ----a-w- c:\windows\syswow64\uc_luminary_launching.dll
2010-07-27 02:22:20 427008 ----a-w- c:\windows\syswow64\uc_wepic_launching.dll
2010-07-27 02:22:20 208384 ----a-w- c:\windows\syswow64\uc_rohan_launching.dll
2010-07-27 02:22:20 147456 ----a-w- c:\windows\syswow64\uc_neosteam_launching.dll
2010-07-27 02:22:19 86624 ----a-w- c:\windows\syswow64\ijjiChannelingPlugin.dll
2010-07-27 02:22:19 75264 ----a-w- c:\windows\syswow64\uc_holybeast_launching.dll
2010-07-27 02:22:19 713312 ----a-w- c:\windows\syswow64\ijjiSetup.exe
2010-07-27 02:22:19 62048 ----a-w- c:\windows\syswow64\ijjiProcessRestarter.exe
2010-07-27 02:22:19 61440 ----a-w- c:\windows\syswow64\uc_atlantica_launching.dll
2010-07-27 02:22:19 57952 ----a-w- c:\windows\syswow64\ijjiPlugin2.dll
2010-07-27 02:22:19 0 d-----w- c:\program files (x86)\ijji
2010-07-27 02:07:41 0 d-----w- C:\ijji
2010-07-26 22:37:30 0 d--h--w- c:\windows\msdownld.tmp
2010-07-26 22:37:28 0 d-----w- c:\windows\syswow64\directx
2010-07-26 21:31:11 0 d-----w- C:\Nexon
2010-07-25 17:50:59 0 d-----w- c:\users\home\appdata\roaming\MusicNet
2010-07-25 17:48:09 0 dc-h--w- c:\programdata\{D398BDFF-BC85-4852-B26D-4CA820357DB2}
2010-07-25 17:47:50 0 d-----w- c:\programdata\BearShare
2010-07-25 17:47:50 0 d-----w- c:\program files (x86)\BearShare Applications

==================== Find3M ====================

2010-08-11 03:40:57 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-11 03:40:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-11 03:40:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-24 03:56:58 525792 ----a-w- c:\windows\DIFxAPI.dll
2010-06-28 16:56:48 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:17:26 833024 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-28 16:17:07 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-28 16:15:50 146432 ----a-w- c:\windows\syswow64\occache.dll
2010-06-28 16:14:56 671232 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-28 16:14:41 476672 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-28 16:14:41 3586560 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-28 16:14:39 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-28 16:13:52 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-28 16:13:33 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-28 16:13:33 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-28 16:13:32 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-28 16:13:32 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-28 16:13:32 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:13:31 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2010-06-21 13:53:02 2749952 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:17:49 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 16:43:54 36352 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-18 15:13:01 462848 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:12:38 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:40:37 1420176 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-15 02:16:24 86016 ----a-w- c:\windows\syswow64\frapsvid.dll
2010-06-15 02:16:22 84992 ----a-w- c:\windows\system32\frapsv64.dll
2010-06-11 16:09:43 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:08:18 1875456 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 15:31:42 274432 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 15:30:23 1257472 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 17:47:14 4690832 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-03 20:53:00 1498960 ----a-w- c:\windows\syswow64\msvcr100d.dll
2010-06-03 20:52:54 761152 ----a-w- c:\windows\syswow64\msvcr100.dll
2010-06-03 20:51:19 761152 ----a-w- c:\windows\system32\msvcr100.dll
2010-06-03 20:42:40 1498960 ----a-w- c:\windows\system32\msvcr100d.dll
2010-06-02 09:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 09:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 09:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll
2010-06-02 09:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 09:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll
2010-06-02 09:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 19:16:09 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-05-26 16:53:52 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 16:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 16:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll
2010-05-26 16:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 16:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 16:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll
2010-05-26 16:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll
2010-05-26 16:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll
2010-05-26 16:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 16:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll
2010-05-26 16:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 16:16:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 14:56:53 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 19:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 21:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:55:18 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 21:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 21:35:16 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2008-11-03 20:45:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:38:41.36 ===============

Edited by Rewster, 14 August 2010 - 01:50 PM.



#2 thcbytes

  • Malware Response Team
  • 14,790 posts
Posted 14 August 2010 - 01:56 PM

I will help you with this computer also. I want you to have a fully functional clean computer for your other sick computer.

Please note...

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Please note with Vista you will need to right click and run as admin to make most of my apps run.

==========

RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
  • It shall produce a log located at C:\RKill. Please copy and paste it into your next reply.

==========
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.


    Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All

  4. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  5. Push
  6. A report will open. Copy and Paste that report in your next reply.
  7. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Scan With RKUnHooker
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* RKU log
* MbrCheck log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Rewster

  • Topic Starter
  • Members
  • 204 posts

Posted 14 August 2010 - 02:03 PM

I also have a browser redirect virus that isn't letting me open your first link. It will simply take me to a search from Fast Browser Search, and not let me download the first one. I have had this for a while, and I simply coped with it and ignored it.

Tried using Google Chrome and Internet Explorer, but neither of the browsers seem to be working. They both give errors when trying to open a site. Firefox is the only working browser, and it has the redirect virus.
----------------------------------------------------

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as home on 08/14/2010 at 14:17:09.


Processes terminated by Rkill or while it was running:


C:\Users\home\Program Files (x86)\DNA\btdna.exe
C:\Users\home\Downloads\rkill.scr
C:\Windows\SysWOW64\verclsid.exe


Rkill completed on 08/14/2010 at 14:17:23.

----------------------------------------------------------------

OTL logfile created on: 8/14/2010 2:19:58 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 442.22 Gb Free Space | 75.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.34% Space Free | Partition Type: FAT32

Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/14 14:19:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2010/07/26 18:15:50 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/27 21:58:21 | 001,009,032 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\CLTLMH.EXE
PRC - [2009/08/22 01:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/05/31 11:52:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/05/21 17:36:36 | 000,053,248 | ---- | M] (IOI) -- C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2008/01/20 21:50:25 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\runonce.exe
PRC - [2007/08/16 20:17:56 | 002,342,912 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2010/08/14 14:19:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2008/07/22 09:12:08 | 000,902,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010/06/27 14:04:15 | 003,731,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/22 01:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (All) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2010/06/18 10:13:01 | 000,462,848 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\srv.sys -- (srv)
DRV:64bit: - [2010/06/18 10:12:38 | 000,174,592 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\srv2.sys -- (srv2)
DRV:64bit: - [2010/06/16 11:40:37 | 001,420,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tcpip.sys -- (Tcpip6)
DRV:64bit: - [2010/06/16 11:40:37 | 001,420,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/23 06:46:43 | 000,135,168 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2010/02/23 06:46:40 | 000,273,920 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2010/02/23 06:46:37 | 000,105,472 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2010/02/20 16:40:37 | 000,610,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HTTP.sys -- (HTTP)
DRV:64bit: - [2010/02/18 07:15:23 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tunnel.sys -- (tunnel)
DRV:64bit: - [2010/01/27 21:58:21 | 000,583,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/12/11 07:26:39 | 000,141,824 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\srvnet.sys -- (srvnet)
DRV:64bit: - [2009/08/22 01:37:16 | 000,476,720 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/22 01:37:16 | 000,402,992 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/22 01:37:16 | 000,334,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 01:37:16 | 000,278,576 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/22 01:37:16 | 000,120,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/08/22 01:37:16 | 000,056,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/08/22 01:37:16 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/19 06:31:38 | 000,172,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/18 13:59:44 | 000,031,280 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/06/15 20:31:37 | 000,515,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/12 19:13:23 | 000,181,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/08/05 03:03:00 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/08/01 20:20:01 | 000,883,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2008/07/22 09:58:24 | 004,647,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/05/19 21:33:46 | 000,187,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2008/04/27 20:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/04/04 20:55:47 | 000,094,208 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\pacer.sys -- (PSched)
DRV:64bit: - [2008/03/05 01:22:34 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/22 00:30:43 | 000,022,584 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2008/02/22 00:30:24 | 000,016,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2008/01/20 21:51:19 | 000,078,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rassstp.sys -- (RasSstp) WAN Miniport (SSTP)
DRV:64bit: - [2008/01/20 21:51:14 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2008/01/20 21:51:14 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2008/01/20 21:51:07 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2008/01/20 21:51:01 | 000,022,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2008/01/20 21:50:59 | 000,070,200 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2008/01/20 21:50:53 | 000,275,512 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltmgr.sys -- (FltMgr)
DRV:64bit: - [2008/01/20 21:50:46 | 000,363,064 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\CLFS.sys -- (CLFS) Common Log (CLFS)
DRV:64bit: - [2008/01/20 21:50:45 | 000,090,624 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bowser.sys -- (bowser)
DRV:64bit: - [2008/01/20 21:50:45 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2008/01/20 21:50:39 | 000,881,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2008/01/20 21:50:39 | 000,090,624 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\SysNative\DRIVERS\cdfs.sys -- (cdfs)
DRV:64bit: - [2008/01/20 21:50:38 | 000,739,384 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2008/01/20 21:50:38 | 000,299,520 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2008/01/20 21:50:35 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\umpass.sys -- (UMPass)
DRV:64bit: - [2008/01/20 21:50:25 | 000,070,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (MountMgr)
DRV:64bit: - [2008/01/20 21:50:24 | 000,038,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2008/01/20 21:50:11 | 000,250,368 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\netbt.sys -- (netbt)
DRV:64bit: - [2008/01/20 21:50:11 | 000,088,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV:64bit: - [2008/01/20 21:50:10 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2008/01/20 21:50:09 | 000,108,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2008/01/20 21:50:04 | 000,040,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2008/01/20 21:49:59 | 000,124,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV:64bit: - [2008/01/20 21:49:59 | 000,098,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV:64bit: - [2008/01/20 21:49:58 | 000,097,792 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2008/01/20 21:49:58 | 000,022,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2008/01/20 21:49:53 | 000,094,208 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tdx.sys -- (tdx)
DRV:64bit: - [2008/01/20 21:49:52 | 000,011,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV:64bit: - [2008/01/20 21:49:52 | 000,007,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSTEE.sys -- (MSTEE)
DRV:64bit: - [2008/01/20 21:49:51 | 000,028,672 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2008/01/20 21:49:48 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rdpencdd.sys -- (RDPENCDD)
DRV:64bit: - [2008/01/20 21:49:42 | 000,081,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2008/01/20 21:49:42 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2008/01/20 21:49:42 | 000,020,992 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2008/01/20 21:49:34 | 000,067,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2008/01/20 21:49:31 | 000,074,808 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2008/01/20 21:49:16 | 000,109,568 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2008/01/20 21:49:15 | 000,075,776 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rspndr.sys -- (rspndr)
DRV:64bit: - [2008/01/20 21:49:15 | 000,059,392 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lltdio.sys -- (lltdio)
DRV:64bit: - [2008/01/20 21:49:08 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2008/01/20 21:49:00 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2008/01/20 21:48:55 | 000,409,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2008/01/20 21:48:45 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipnat.sys -- (IPNAT)
DRV:64bit: - [2008/01/20 21:48:45 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2008/01/20 21:48:45 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tunmp.sys -- (tunmp)
DRV:64bit: - [2008/01/20 21:48:44 | 000,086,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2008/01/20 21:48:44 | 000,086,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wanarp.sys -- (Wanarp)
DRV:64bit: - [2008/01/20 21:48:28 | 000,033,280 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2008/01/20 21:48:27 | 000,044,544 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\netbios.sys -- (NetBIOS)
DRV:64bit: - [2008/01/20 21:48:24 | 000,014,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rasacd.sys -- (RasAcd)
DRV:64bit: - [2008/01/20 21:48:21 | 000,288,256 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\rdbss.sys -- (rdbss)
DRV:64bit: - [2008/01/20 21:48:18 | 000,408,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2008/01/20 21:48:15 | 000,061,496 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\mup.sys -- (Mup)
DRV:64bit: - [2008/01/20 21:48:14 | 000,169,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2008/01/20 21:47:44 | 000,134,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2008/01/20 21:47:43 | 000,157,240 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ecache.sys -- (Ecache)
DRV:64bit: - [2008/01/20 21:47:30 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2008/01/20 21:47:28 | 000,076,288 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ipmidrv.sys -- (IPMIDRV)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:28 | 000,035,896 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\i2omp.sys -- (i2omp)
DRV:64bit: - [2008/01/20 21:47:27 | 000,185,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2008/01/20 21:47:27 | 000,064,000 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2008/01/20 21:47:27 | 000,042,040 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2008/01/20 21:47:27 | 000,024,120 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2008/01/20 21:47:27 | 000,020,480 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2008/01/20 21:47:26 | 000,128,056 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2008/01/20 21:47:26 | 000,078,392 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2008/01/20 21:47:25 | 000,149,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2008/01/20 21:47:25 | 000,066,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2008/01/20 21:47:25 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbehci.sys -- (usbehci)
DRV:64bit: - [2008/01/20 21:47:25 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbscan.sys -- (usbscan)
DRV:64bit: - [2008/01/20 21:47:25 | 000,029,696 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2008/01/20 21:47:25 | 000,029,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2008/01/20 21:47:25 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbohci.sys -- (usbohci)
DRV:64bit: - [2008/01/20 21:47:04 | 000,113,720 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2008/01/20 21:47:04 | 000,055,296 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2008/01/20 21:47:03 | 000,271,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2008/01/20 21:47:03 | 000,041,984 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2008/01/20 21:47:01 | 000,270,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbhub.sys -- (usbhub)
DRV:64bit: - [2008/01/20 21:47:01 | 000,113,720 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2008/01/20 21:47:01 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2008/01/20 21:47:00 | 000,091,192 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2008/01/20 21:47:00 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\monitor.sys -- (monitor)
DRV:64bit: - [2008/01/20 21:47:00 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vgapnp.sys -- (vga)
DRV:64bit: - [2008/01/20 21:47:00 | 000,014,848 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2008/01/20 21:47:00 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2008/01/20 21:47:00 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2008/01/20 21:46:59 | 000,397,368 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2008/01/20 21:46:59 | 000,290,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastorv.sys -- (iaStorV)
DRV:64bit: - [2008/01/20 21:46:59 | 000,215,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2008/01/20 21:46:59 | 000,068,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gagp30kx.sys -- (gagp30kx)
DRV:64bit: - [2008/01/20 21:46:59 | 000,067,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uagp35.sys -- (uagp35)
DRV:64bit: - [2008/01/20 21:46:59 | 000,047,672 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hpcisss.sys -- (HpCISSs)
DRV:64bit: - [2008/01/20 21:46:59 | 000,039,992 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mouclass.sys -- (mouclass)
DRV:64bit: - [2008/01/20 21:46:59 | 000,035,896 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2008/01/20 21:46:59 | 000,026,624 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2008/01/20 21:46:59 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbprint.sys -- (usbprint)
DRV:64bit: - [2008/01/20 21:46:59 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mouhid.sys -- (mouhid)
DRV:64bit: - [2008/01/20 21:46:56 | 000,438,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (MegaSR)
DRV:64bit: - [2008/01/20 21:46:56 | 000,284,728 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\uliahci.sys -- (uliahci)
DRV:64bit: - [2008/01/20 21:46:56 | 000,146,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\E1G6032E.sys -- (E1G60) Intel®
DRV:64bit: - [2008/01/20 21:46:56 | 000,105,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2008/01/20 21:46:56 | 000,045,624 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2008/01/20 21:46:55 | 000,024,576 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2008/01/20 21:46:55 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hidusb.sys -- (HidUsb)
DRV:64bit: - [2008/01/20 21:46:54 | 000,342,584 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2008/01/20 21:46:54 | 000,128,056 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2008/01/20 21:46:54 | 000,126,520 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu160m.sys -- (adpu160m)
DRV:64bit: - [2008/01/20 21:46:54 | 000,079,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\cdrom.sys -- (cdrom)
DRV:64bit: - [2008/01/20 21:46:54 | 000,072,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2008/01/20 21:46:54 | 000,054,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2008/01/20 21:46:54 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\umbus.sys -- (umbus)
DRV:64bit: - [2008/01/20 21:46:53 | 000,486,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2008/01/20 21:46:53 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\parport.sys -- (Parport)
DRV:64bit: - [2008/01/20 21:46:53 | 000,094,208 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\serial.sys -- (Serial)
DRV:64bit: - [2008/01/20 21:46:53 | 000,068,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (disk)
DRV:64bit: - [2008/01/20 21:46:53 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serenum.sys -- (Serenum)
DRV:64bit: - [2008/01/20 21:46:52 | 001,221,176 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2008/01/20 21:46:52 | 000,174,696 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata2.sys -- (ulsata2)
DRV:64bit: - [2008/01/20 21:46:52 | 000,090,680 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2008/01/20 21:46:52 | 000,027,704 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2008/01/20 21:46:51 | 000,314,368 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (rdpdr)
DRV:64bit: - [2008/01/20 21:46:51 | 000,179,768 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2008/01/20 21:46:51 | 000,126,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nv_agp.sys -- (nv_agp)
DRV:64bit: - [2008/01/20 21:46:51 | 000,113,720 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2008/01/20 21:46:51 | 000,068,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2008/01/20 21:46:51 | 000,068,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uliagpkx.sys -- (uliagpkx)
DRV:64bit: - [2008/01/20 21:46:51 | 000,064,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agp440.sys -- (agp440)
DRV:64bit: - [2008/01/20 21:46:51 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HDAudBus.sys -- (HDAudBus)
DRV:64bit: - [2008/01/20 21:46:51 | 000,050,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2008/01/20 21:46:51 | 000,048,128 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\intelppm.sys -- (intelppm)
DRV:64bit: - [2008/01/20 21:46:51 | 000,047,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\processr.sys -- (Processor)
DRV:64bit: - [2008/01/20 21:46:51 | 000,034,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2008/01/20 21:46:51 | 000,023,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2008/01/20 21:46:51 | 000,017,976 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2008/01/20 21:46:51 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2008/01/20 21:46:50 | 000,326,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2008/01/20 21:46:50 | 000,063,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\termdd.sys -- (TermDD)
DRV:64bit: - [2008/01/20 21:46:50 | 000,031,288 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2008/01/20 21:46:50 | 000,023,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2008/01/20 21:46:50 | 000,019,512 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2008/01/20 21:46:50 | 000,018,024 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2008/01/20 21:46:50 | 000,018,024 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2008/01/20 21:46:50 | 000,015,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2008/01/20 21:46:50 | 000,015,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2008/01/20 21:46:50 | 000,014,336 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2008/01/20 21:46:50 | 000,013,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\swenum.sys -- (swenum)
DRV:64bit: - [2008/01/20 21:46:50 | 000,008,704 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2007/04/03 10:30:14 | 001,418,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2006/11/02 07:03:03 | 000,051,816 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2006/11/02 07:02:52 | 000,049,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\symc8xx.sys -- (Symc8xx)
DRV:64bit: - [2006/11/02 07:02:47 | 000,048,232 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_u3.sys -- (Sym_u3)
DRV:64bit: - [2006/11/02 07:02:39 | 000,044,648 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2006/11/02 07:02:37 | 000,044,648 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_hi.sys -- (Sym_hi)
DRV:64bit: - [2006/11/02 07:02:24 | 000,039,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mraid35x.sys -- (Mraid35x)
DRV:64bit: - [2006/11/02 07:02:09 | 000,037,480 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteraid.sys -- (iteraid)
DRV:64bit: - [2006/11/02 07:02:09 | 000,037,480 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteatapi.sys -- (iteatapi)
DRV:64bit: - [2006/11/02 06:51:30 | 000,203,368 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2006/11/02 06:50:54 | 000,148,072 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata.sys -- (UlSata)
DRV:64bit: - [2006/11/02 06:50:27 | 000,124,008 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2006/11/02 06:50:06 | 000,090,216 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2006/11/02 06:50:06 | 000,088,168 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\djsvs.sys -- (aic78xx)
DRV:64bit: - [2006/11/02 04:44:02 | 000,050,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2006/11/02 04:44:01 | 000,034,304 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2006/11/02 04:43:46 | 000,079,360 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2006/11/02 04:43:36 | 000,025,600 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2006/11/02 04:40:24 | 000,026,624 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2006/11/02 04:38:24 | 000,016,384 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2006/11/02 04:37:30 | 000,007,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV:64bit: - [2006/11/02 04:37:30 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSPQM.sys -- (MSPQM)
DRV:64bit: - [2006/11/02 03:43:25 | 000,086,528 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2006/11/02 00:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/23 21:08:37 | 000,712,704 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\peauth.sys -- (PEAUTH)
DRV:64bit: - [2006/09/19 06:42:33 | 000,014,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\brusbser.sys -- (BrUsbSer)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/09/18 16:30:18 | 000,047,104 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserwdm.sys -- (BrSerWdm)
DRV:64bit: - [2006/09/18 16:30:18 | 000,014,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV:64bit: - [2006/09/18 16:30:15 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\brfiltlo.sys -- (BrFiltLo)
DRV:64bit: - [2006/09/18 16:30:15 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2010/05/26 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/13 02:04:52 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100601.002\EX64.SYS -- (NAVEX15)
DRV - [2010/05/13 02:04:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100601.002\ENG64.SYS -- (NAVENG)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/28 17:37:22 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSviA64.sys -- (IDSVia64)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=dx4200-09
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=dx4200-09

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files (x86)\SGPSA\mtwb3sh.dll (TODO: <Company name>)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={DEE19A75-FA34-7C4C-0E35-882E4B316E7B}&q="
FF - prefs.js..network.proxy.backup.ftp: "66.160.144.212"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "66.160.144.212"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "66.160.144.212"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "66.160.144.212"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "66.160.144.212"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "66.160.144.212"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "66.160.144.212"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "66.160.144.212"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "66.160.144.212"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/30 15:58:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 22:44:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/10 22:44:19 | 000,000,000 | ---D | M]

[2009/08/03 20:35:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2009/08/03 20:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/31 21:55:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/14 12:42:30 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions
[2010/02/23 19:26:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/18 16:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/08/13 14:23:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/07 13:06:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\BearShareWebSearch.xml
[2010/02/23 19:26:24 | 000,000,433 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\fast-browser-search.xml
[2010/01/18 16:54:05 | 000,000,000 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\mywebsearch.xml
[2010/08/14 12:42:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/26 18:15:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/11 17:24:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/07/26 18:15:50 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/26 18:15:50 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2010/07/26 18:15:50 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/08/10 22:44:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/10 22:44:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/10 22:44:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/10 22:44:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/10 22:44:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/10 22:44:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/08/10 22:44:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/04/11 20:29:29 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/11 20:29:29 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010/04/11 20:29:29 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/11 20:29:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/15 19:30:16 | 000,003,700 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.png
[2010/04/15 19:30:15 | 000,001,962 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.xml
[2010/04/11 20:29:30 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/11 20:29:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/11 20:29:30 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files (x86)\SGPSA\BHO.dll (MTWB)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bar] C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SADFC401\access[1].exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\home\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\Shell - "" = AutoRun
O33 - MountPoints2\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NAVx64\1008000.029\SYMEFA64.SYS ()
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NAVx64\1008000.029\SYMEFA64.SYS ()
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 14:19:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2010/08/14 13:45:17 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/08/14 12:13:57 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\houiphcfm
[2010/08/14 12:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/14 12:13:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Windows Server
[2010/08/14 12:13:15 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\2B2CF94012581557DBFF5E801EB42A26
[2010/08/13 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC Tool
[2010/08/13 13:57:44 | 000,000,000 | RH-D | C] -- C:\Users\home\Documents\Chance Backup Files
[2010/08/11 00:38:55 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 00:38:54 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 00:38:41 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/08/11 00:38:39 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/08/11 00:38:39 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 00:38:39 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/08/11 00:38:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/08/11 00:38:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 00:38:38 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 00:38:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/08/10 22:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/10 22:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/10 22:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/08/10 22:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/08/10 22:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/10 22:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/10 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/10 22:39:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/10 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Yahoo
[2010/08/10 22:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/08/10 22:32:28 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Yahoo!
[2010/08/10 22:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/08/10 22:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/07 14:04:36 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\The Duel
[2010/08/07 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DRGunZ 3.0
[2010/08/06 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\gunz-mrb
[2010/08/05 16:14:59 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Trinity
[2010/08/05 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trinity GunZ
[2010/07/30 19:26:03 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/07/30 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\BitTorrent
[2010/07/30 19:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/07/29 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Xenocode
[2010/07/27 17:58:07 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\xF-GunZx
[2010/07/27 17:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freestyle GunZ
[2010/07/26 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Gunz
[2010/07/26 21:30:14 | 003,731,176 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/07/26 21:29:47 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010/07/26 21:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/07/26 21:24:52 | 000,000,000 | -H-D | C] -- C:\Users\home\AppData\Roaming\ijjigame
[2010/07/26 21:22:20 | 000,427,008 | ---- | C] (True Games Interactive) -- C:\Windows\SysWow64\uc_wepic_launching.dll
[2010/07/26 21:22:20 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\SysWow64\uc_rohan_launching.dll
[2010/07/26 21:22:20 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010/07/26 21:22:20 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll
[2010/07/26 21:22:20 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll
[2010/07/26 21:22:19 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe
[2010/07/26 21:22:19 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll
[2010/07/26 21:22:19 | 000,075,264 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_holybeast_launching.dll
[2010/07/26 21:22:19 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe
[2010/07/26 21:22:19 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll
[2010/07/26 21:22:19 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\Windows\SysWow64\ijjiPlugin2.dll
[2010/07/26 21:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji
[2010/07/26 21:07:41 | 000,000,000 | ---D | C] -- C:\ijji
[2010/07/26 17:48:57 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/07/26 17:48:57 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/07/26 17:48:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/07/26 17:48:54 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/07/26 17:48:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/07/26 17:48:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/07/26 17:48:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/07/26 17:48:52 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/07/26 17:48:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/07/26 17:48:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/07/26 17:48:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/07/26 17:48:51 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/07/26 17:48:49 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/07/26 17:48:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/07/26 17:48:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/07/26 17:48:46 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/07/26 17:48:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/07/26 17:48:45 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/07/26 17:48:44 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/07/26 17:48:44 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/07/26 17:48:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/07/26 17:48:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/07/26 17:48:43 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/07/26 17:48:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/07/26 17:48:41 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/07/26 17:48:41 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/07/26 17:48:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/07/26 17:48:40 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/07/26 17:48:39 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/07/26 17:48:39 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/07/26 17:48:38 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/07/26 17:48:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/07/26 17:48:35 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/07/26 17:48:35 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/07/26 17:48:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/07/26 17:48:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/07/26 17:48:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/07/26 17:48:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/07/26 17:48:31 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/07/26 17:48:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/07/26 17:48:31 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/07/26 17:48:30 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/07/26 17:48:30 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/07/26 17:48:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/07/26 17:48:29 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/07/26 17:48:28 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/07/26 17:48:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/07/26 17:48:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/07/26 17:48:25 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/07/26 17:48:25 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/07/26 17:48:24 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/07/26 17:48:23 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/07/26 17:48:21 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/07/26 17:48:21 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/07/26 17:48:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/07/26 17:48:20 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/07/26 17:48:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/07/26 17:48:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/07/26 17:48:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/07/26 17:48:17 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/07/26 17:48:17 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/07/26 17:48:17 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/07/26 17:48:17 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/07/26 17:48:15 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/07/26 17:48:15 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/07/26 17:48:14 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/07/26 17:48:13 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/07/26 17:48:13 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/07/26 17:48:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/07/26 17:48:11 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/07/26 17:48:10 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/07/26 17:48:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/07/26 17:48:09 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/07/26 17:48:08 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/07/26 17:48:08 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/07/26 17:48:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/07/26 17:48:06 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/07/26 17:48:06 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/07/26 17:48:04 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/07/26 17:48:03 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/07/26 17:48:01 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/07/26 17:47:56 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/07/26 17:47:52 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/07/26 17:47:52 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/07/26 17:47:51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/07/26 17:47:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/07/26 17:47:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/07/26 17:47:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/07/26 17:47:48 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/07/26 17:47:47 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/07/26 17:37:30 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/07/26 17:37:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/26 16:31:11 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/07/25 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\MusicNet
[2010/07/25 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\My Received Files
[2010/07/25 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\BearShare
[2010/07/25 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\BearShare
[2010/07/25 12:48:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D398BDFF-BC85-4852-B26D-4CA820357DB2}
[2010/07/25 12:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2010/07/25 12:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\BearShare
[2010/07/25 12:47:40 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\PackageAware
[2010/07/23 23:14:47 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Apple Computer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/14 14:20:41 | 002,097,152 | -HS- | M] () -- C:\Users\home\NTUSER.DAT
[2010/08/14 14:20:36 | 000,755,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/14 14:20:36 | 000,639,904 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/14 14:20:36 | 000,118,156 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/14 14:19:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2010/08/14 14:13:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/14 14:13:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 14:13:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 14:13:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/14 14:13:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/14 14:13:31 | 4025,671,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/14 14:12:45 | 000,524,288 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 14:12:45 | 000,065,536 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/08/14 14:11:13 | 000,363,520 | ---- | M] () -- C:\Users\home\Desktop\rkill.scr
[2010/08/14 14:10:30 | 000,000,046 | ---- | M] () -- C:\Users\home\jagex_runescape_preferences.dat
[2010/08/14 14:09:15 | 000,000,099 | ---- | M] () -- C:\Users\home\jagex_runescape_preferences2.dat
[2010/08/14 13:58:12 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2010/08/14 13:52:29 | 000,313,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/14 13:47:18 | 000,000,000 | ---- | M] () -- C:\Users\home\jagex__preferences3.dat
[2010/08/14 13:41:41 | 000,000,032 | ---- | M] () -- C:\Windows\GunzLauncher.INI
[2010/08/14 12:33:44 | 000,525,824 | ---- | M] () -- C:\Users\home\Desktop\dds.scr
[2010/08/14 12:29:20 | 000,002,838 | ---- | M] () -- C:\Users\home\AppData\Local\ucepepubit.dll
[2010/08/14 12:28:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/08/14 12:13:51 | 000,000,347 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/14 12:07:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/14 11:39:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000UA.job
[2010/08/13 18:35:18 | 000,000,055 | ---- | M] () -- C:\Windows\SpeederXP.INI
[2010/08/13 14:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000Core.job
[2010/08/13 14:34:57 | 000,002,039 | ---- | M] () -- C:\Users\home\Desktop\Google Chrome.lnk
[2010/08/13 14:34:57 | 000,002,001 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/11 12:58:04 | 000,002,255 | ---- | M] () -- C:\Users\home\Desktop\iTunes.lnk
[2010/08/10 22:32:08 | 000,000,998 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/10 22:32:08 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/10 22:16:49 | 000,028,672 | ---- | M] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 20:17:37 | 000,000,000 | ---- | M] () -- C:\Users\home\defogger_reenable
[2010/08/03 18:36:27 | 000,077,358 | ---- | M] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2010/07/25 12:48:37 | 000,000,152 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/07/24 20:51:29 | 000,001,153 | ---- | M] () -- C:\Users\home\Documents\001 Carney Thinking of You.lnk
[2010/07/24 20:19:21 | 003,912,533 | ---- | M] () -- C:\Users\home\Documents\001 Carney Thinking of You.wma
[2010/07/24 20:16:39 | 000,001,702 | ---- | M] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/07/23 22:56:58 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/07/23 22:50:23 | 044,377,846 | ---- | M] () -- C:\Users\home\Documents\AUDIO_Realtek_ALC888S_Vx64.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/14 14:13:31 | 4025,671,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/14 14:11:13 | 000,363,520 | ---- | C] () -- C:\Users\home\Desktop\rkill.scr
[2010/08/14 13:47:18 | 000,000,000 | ---- | C] () -- C:\Users\home\jagex__preferences3.dat
[2010/08/14 13:47:17 | 000,000,099 | ---- | C] () -- C:\Users\home\jagex_runescape_preferences2.dat
[2010/08/14 13:45:43 | 000,000,046 | ---- | C] () -- C:\Users\home\jagex_runescape_preferences.dat
[2010/08/14 12:39:30 | 000,293,376 | ---- | C] () -- C:\Users\home\Desktop\gmer.exe
[2010/08/14 12:33:43 | 000,525,824 | ---- | C] () -- C:\Users\home\Desktop\dds.scr
[2010/08/14 12:30:07 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2010/08/14 12:29:19 | 000,002,838 | ---- | C] () -- C:\Users\home\AppData\Local\ucepepubit.dll
[2010/08/13 18:35:14 | 000,000,055 | ---- | C] () -- C:\Windows\SpeederXP.INI
[2010/08/13 14:34:57 | 000,002,039 | ---- | C] () -- C:\Users\home\Desktop\Google Chrome.lnk
[2010/08/13 14:34:57 | 000,002,001 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/13 14:34:14 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000UA.job
[2010/08/13 14:34:12 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000Core.job
[2010/08/11 12:58:02 | 000,002,255 | ---- | C] () -- C:\Users\home\Desktop\iTunes.lnk
[2010/08/11 00:38:59 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/11 00:38:57 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/11 00:38:57 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/11 00:38:56 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/11 00:38:54 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 00:38:52 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 00:38:46 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/11 00:38:43 | 005,691,904 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/11 00:38:40 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/11 00:38:40 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/11 00:38:40 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/11 00:38:40 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/11 00:38:39 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/08/11 00:38:39 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 00:38:39 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/08/11 00:38:39 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/11 00:38:39 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 00:38:39 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/08/11 00:38:39 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 00:38:39 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/11 00:38:38 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/11 00:38:38 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/11 00:38:38 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/08/11 00:38:38 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/11 00:38:34 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/10 22:32:08 | 000,000,998 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/10 22:32:08 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/10 20:17:37 | 000,000,000 | ---- | C] () -- C:\Users\home\defogger_reenable
[2010/08/02 20:15:14 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/30 19:17:48 | 000,000,347 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/29 13:28:25 | 000,410,168 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistMSI2D3C.txt
[2010/07/29 13:28:24 | 000,072,732 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistUI2D3C.txt
[2010/07/27 17:58:09 | 000,000,032 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2010/07/26 21:30:49 | 000,077,358 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2010/07/26 21:29:47 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010/07/26 21:22:20 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/07/26 17:48:57 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2010/07/26 17:48:57 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/07/26 17:48:54 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/07/26 17:48:54 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2010/07/26 17:48:53 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/07/26 17:48:53 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2010/07/26 17:48:52 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2010/07/26 17:48:52 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2010/07/26 17:48:51 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/07/26 17:48:51 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/07/26 17:48:51 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/07/26 17:48:51 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/07/26 17:48:49 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2010/07/26 17:48:48 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2010/07/26 17:48:47 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/07/26 17:48:46 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/07/26 17:48:45 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2010/07/26 17:48:45 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2010/07/26 17:48:44 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2010/07/26 17:48:44 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/07/26 17:48:44 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2010/07/26 17:48:43 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2010/07/26 17:48:43 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/07/26 17:48:42 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2010/07/26 17:48:41 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/07/26 17:48:41 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2010/07/26 17:48:41 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/07/26 17:48:40 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2010/07/26 17:48:39 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2010/07/26 17:48:39 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/07/26 17:48:38 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2010/07/26 17:48:37 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/07/26 17:48:35 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2010/07/26 17:48:35 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/07/26 17:48:34 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2010/07/26 17:48:33 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/07/26 17:48:33 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2010/07/26 17:48:32 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2010/07/26 17:48:31 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2010/07/26 17:48:31 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2010/07/26 17:48:31 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/07/26 17:48:30 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/07/26 17:48:30 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2010/07/26 17:48:30 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/07/26 17:48:29 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2010/07/26 17:48:28 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2010/07/26 17:48:27 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2010/07/26 17:48:26 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/07/26 17:48:25 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/07/26 17:48:25 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2010/07/26 17:48:24 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2010/07/26 17:48:23 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2010/07/26 17:48:21 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2010/07/26 17:48:21 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/07/26 17:48:21 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2010/07/26 17:48:20 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2010/07/26 17:48:19 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2010/07/26 17:48:19 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/07/26 17:48:19 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2010/07/26 17:48:17 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/07/26 17:48:17 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2010/07/26 17:48:17 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2010/07/26 17:48:17 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/07/26 17:48:15 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2010/07/26 17:48:15 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2010/07/26 17:48:14 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2010/07/26 17:48:13 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/07/26 17:48:13 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2010/07/26 17:48:12 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2010/07/26 17:48:11 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2010/07/26 17:48:10 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2010/07/26 17:48:10 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2010/07/26 17:48:09 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2010/07/26 17:48:08 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2010/07/26 17:48:08 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/07/26 17:48:07 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2010/07/26 17:48:06 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2010/07/26 17:48:06 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2010/07/26 17:48:04 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2010/07/26 17:48:03 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2010/07/26 17:48:01 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2010/07/26 17:47:56 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2010/07/26 17:47:52 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2010/07/26 17:47:52 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/07/26 17:47:51 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2010/07/26 17:47:50 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2010/07/26 17:47:50 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2010/07/26 17:47:49 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2010/07/26 17:47:48 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2010/07/26 17:47:47 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2010/07/25 13:07:54 | 003,912,533 | ---- | C] () -- C:\Users\home\Documents\001 Carney Thinking of You.wma
[2010/07/25 12:48:37 | 000,000,152 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/07/24 20:56:01 | 000,001,153 | ---- | C] () -- C:\Users\home\Documents\001 Carney Thinking of You.lnk
[2010/07/24 20:16:39 | 000,001,702 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/07/23 22:50:23 | 044,377,846 | ---- | C] () -- C:\Users\home\Documents\AUDIO_Realtek_ALC888S_Vx64.zip
[2010/04/16 19:53:30 | 000,750,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/06/14 21:47:02 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/03/25 02:33:52 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/03/25 02:33:52 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2008/11/03 16:44:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Adobe
[2010/02/01 23:29:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Apple
[2010/02/01 23:28:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Apple Computer
[2009/05/31 11:53:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Application Data
[2009/03/25 02:33:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\ATI
[2010/07/25 12:47:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\BearShare
[2009/03/25 02:39:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\CyberLink
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Desktop
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Documents
[2009/07/18 13:54:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\eSellerate
[2010/04/16 20:54:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\F-Secure
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Favorites
[2009/05/31 12:40:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Google
[2009/06/14 21:46:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Intuit
[2010/04/11 13:59:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Malwarebytes
[2009/07/30 21:55:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\McAfee
[2009/03/25 02:25:18 | 000,000,000 | --SD | M] -- C:\ProgramData\Application Data\Microsoft
[2008/11/03 16:28:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Microsoft Help
[2010/04/16 18:50:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Nexon
[2009/07/23 19:58:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\NexonUS
[2009/05/31 12:02:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Norton
[2009/05/31 12:34:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\NortonInstaller
[2009/05/31 12:02:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\PCSettings
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Start Menu
[2010/02/11 17:25:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Sun
[2010/04/14 21:52:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\SUPERAntiSpyware.com
[2009/05/31 22:24:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Symantec
[2009/03/25 02:38:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Temp
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Templates
[2010/08/14 13:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Update
[2008/11/03 16:38:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\WildTangent
[2009/10/31 23:08:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\WindowsSearch
[2010/08/10 22:32:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Yahoo!
[2010/08/10 22:32:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Yahoo! Companion
[2010/02/01 23:29:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/08/10 22:46:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/25 12:48:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\Application Data\{D398BDFF-BC85-4852-B26D-4CA820357DB2}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:16 | 000,086,376 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe
[2009/09/29 22:30:08 | 000,242,976 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
[2010/05/13 18:06:03 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/07/26 16:31:10 | 000,172,032 | ---- | M] (Nexon) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
[2009/03/25 02:38:05 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
[2008/11/03 16:39:36 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
[2008/05/28 16:29:44 | 005,469,672 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Yahoo!\YUpdater\yupdater.exe
[2009/12/04 12:24:43 | 000,484,976 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb1EC4.tmp.exe
[2009/11/24 06:43:02 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb68F9.tmp.exe
[2010/01/31 18:07:29 | 000,509,552 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb6B0B.tmp.exe
[2009/11/28 08:57:53 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbACDA.tmp.exe
[2009/09/29 22:30:08 | 000,242,976 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
[2010/05/13 18:06:03 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/07/26 16:31:10 | 000,172,032 | ---- | M] (Nexon) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
[2009/03/25 02:38:05 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
[2008/11/03 16:39:36 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
[2008/05/28 16:29:44 | 005,469,672 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Yahoo!\YUpdater\yupdater.exe
[2009/12/04 12:24:43 | 000,484,976 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb1EC4.tmp.exe
[2009/11/24 06:43:02 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb68F9.tmp.exe
[2010/01/31 18:07:29 | 000,509,552 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb6B0B.tmp.exe
[2009/11/28 08:57:53 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbACDA.tmp.exe
[2009/09/29 22:30:08 | 000,242,976 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
[2010/05/13 18:06:03 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/07/26 16:31:10 | 000,172,032 | ---- | M] (Nexon) -- C:\ProgramData\Application Data\Application Data\Application Data\NexonUS\NGM\NGM.exe
[2009/03/25 02:38:05 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
[2008/11/03 16:39:36 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
[2008/05/28 16:29:44 | 005,469,672 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\WildTangent\oem-eula.exe
[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Yahoo!\YUpdater\yupdater.exe
[2009/12/04 12:24:43 | 000,484,976 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Google\Google Toolbar\Update\gtb1EC4.tmp.exe
[2009/11/24 06:43:02 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Google\Google Toolbar\Update\gtb68F9.tmp.exe
[2010/01/31 18:07:29 | 000,509,552 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Google\Google Toolbar\Update\gtb6B0B.tmp.exe
[2009/11/28 08:57:53 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Google\Google Toolbar\Update\gtbACDA.tmp.exe
[2009/09/29 22:30:08 | 000,242,976 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
[2010/05/13 18:06:03 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/07/26 16:31:10 | 000,172,032 | ---- | M] (Nexon) -- C:\ProgramData\Application Data\Application Data\NexonUS\NGM\NGM.exe
[2009/03/25 02:38:05 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
[2008/11/03 16:39:36 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
[2008/05/28 16:29:44 | 005,469,672 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\WildTangent\oem-eula.exe
[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\ProgramData\Application Data\Application Data\Yahoo!\YUpdater\yupdater.exe
[2009/12/04 12:24:43 | 000,484,976 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Google\Google Toolbar\Update\gtb1EC4.tmp.exe
[2009/11/24 06:43:02 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Google\Google Toolbar\Update\gtb68F9.tmp.exe
[2010/01/31 18:07:29 | 000,509,552 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Google\Google Toolbar\Update\gtb6B0B.tmp.exe
[2009/11/28 08:57:53 | 000,000,034 | ---- | M] () -- C:\ProgramData\Application Data\Google\Google Toolbar\Update\gtbACDA.tmp.exe
[2009/09/29 22:30:08 | 000,242,976 | ---- | M] () -- C:\ProgramData\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2009/03/05 07:52:28 | 000,025,888 | ---- | M] (Intuit Inc.) -- C:\ProgramData\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
[2010/05/13 18:06:03 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\ProgramData\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/07/26 16:31:10 | 000,172,032 | ---- | M] (Nexon) -- C:\ProgramData\Application Data\NexonUS\NGM\NGM.exe
[2009/03/25 02:38:05 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
[2008/11/03 16:39:36 | 000,036,864 | ---- | M] ( ) -- C:\ProgramData\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
[2008/05/28 16:29:44 | 005,469,672 | ---- | M] () -- C:\ProgramData\Application Data\WildTangent\oem-eula.exe
[2010/04/20 16:45:20 | 000,607,472 | ---- | M] (Yahoo! Inc.) -- C:\ProgramData\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2010/08/14 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\2B2CF94012581557DBFF5E801EB42A26
[2009/06/21 12:56:17 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Adobe
[2010/02/01 23:38:22 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Apple Computer
[2009/05/31 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\ATI
[2009/09/01 13:48:25 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\AVG8
[2010/07/30 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\BitTorrent
[2010/08/14 14:13:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DNA
[2009/05/31 21:51:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Google
[2010/08/06 21:13:10 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\gunz-mrb
[2009/05/31 11:53:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Identities
[2010/07/26 21:24:52 | 000,000,000 | -H-D | M] -- C:\Users\home\AppData\Roaming\ijjigame
[2009/06/14 21:47:35 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Intuit
[2010/08/14 14:15:38 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\LimeWire
[2009/05/31 12:41:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Macromedia
[2010/04/11 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Malwarebytes
[2006/11/02 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Media Center Programs
[2010/07/19 13:16:30 | 000,000,000 | --SD | M] -- C:\Users\home\AppData\Roaming\Microsoft
[2009/08/03 20:35:53 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Move Networks
[2010/07/25 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla
[2010/07/25 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\MusicNet
[2010/04/14 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SUPERAntiSpyware.com
[2009/05/31 11:54:21 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Symantec
[2009/11/04 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Template
[2009/07/22 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\WinRAR
[2010/08/10 22:33:32 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2009/05/31 21:55:29 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2009/05/31 21:55:30 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2009/05/31 21:55:30 | 000,014,848 | ---- | M] () -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2009/05/31 21:55:30 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2009/05/31 21:55:30 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2009/05/31 21:55:30 | 000,018,432 | ---- | M] () -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2009/05/31 21:55:30 | 000,014,336 | ---- | M] () -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2009/05/31 21:55:30 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009/05/31 21:55:30 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\home\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2009/07/28 20:57:05 | 000,127,872 | ---- | M] () -- C:\Users\home\AppData\Roaming\Move Networks\uninstall.exe
[2009/06/16 01:35:42 | 000,097,144 | ---- | M] () -- C:\Users\home\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2008/04/18 01:33:46 | 000,175,632 | R--- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\ACER\Preload\Autorun\DRV\ATI Video HD3200\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2007/04/16 05:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ACER\Preload\Autorun\DRV\ATI Video HD3200\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/02/22 00:29:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=2297D8A0E2F3E1BA55E1538BA33B9E86 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_39cac090f315177e\atapi.sys
[2008/02/22 00:30:43 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=62BD869AFA2BF2E30F9D3FF428C87D5C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_394424a3d9f4c3b9\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
< End of report >

Edited by Rewster, 14 August 2010 - 02:46 PM.


#4 Rewster


Posted 14 August 2010 - 02:48 PM

**Cannot run RKUnhooker. "Error loading driver, NTSTATUS code: 0xC000036b"

Post too long, making new post.

OTL Extras logfile created on: 8/14/2010 2:19:58 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 442.22 Gb Free Space | 75.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.34% Space Free | Partition Type: FAT32

Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B102B-3818-4CB2-A79C-83A73B278C8C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0236BE3C-499E-4732-81A5-68A7FB86CE7C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0569943B-32B0-4C8A-9C74-BCB8E6E7E392}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0DB13E65-5332-4F7A-AB08-D6935F1603E1}" = rport=10244 | protocol=6 | dir=out | app=system |
"{144F15B8-E233-4F8E-B067-A18FE26B5BC5}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1AAA0200-8673-4171-B5B9-1B1D9AF6C0E0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1FF7740F-3464-4721-8708-C22193286DFF}" = lport=3390 | protocol=6 | dir=in | app=system |
"{21B5379D-4239-47E7-9F6A-C3D6E2D75607}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B6981F8-A4D7-4011-B5A3-452D2C9FC5D5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B9E5277-3145-43C0-9FCE-0A80BBD6A71E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2E7396CA-6E1D-43A9-A6B6-2A9C8282C298}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D7AC85F-6586-4F5F-97E4-0F5541267326}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DE6D449-394A-4570-A180-D3F181D7EB95}" = lport=10244 | protocol=6 | dir=in | app=system |
"{55932CFC-6551-4302-8CBB-38705EEB739E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62C9691D-D9CB-4AC2-8452-8820B22FF5C3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{63A1E8FA-1FB6-4830-B032-A93BE16A9B6D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74F120B7-70F7-49F3-B186-16654A5B32BC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{789E4E0A-1B9F-45D3-AEF4-E81E67634399}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8AD60AAE-593F-4938-8E6D-B74BB6623A7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F9B2166-BA6C-4935-8C4A-7301D2A8B378}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FCFD986-8DAC-4F61-A944-53D070C2EED2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A29BBF00-C879-45F5-80A6-F31BB6001C77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A438E25F-C0CA-4C2A-BEC5-A508475DB631}" = lport=52644 | protocol=6 | dir=in | name=akamai netsession interface |
"{ADE38DD4-C092-450F-B4AF-D9546B74A18B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C18B8585-EFD5-465F-AE70-08D29F26F313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C445BD88-8701-4A70-AA32-0EC56FA7B581}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C937412F-3DD4-41A5-B336-EA9F74FFC1C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE65498E-F97F-4B77-9891-3CFCF874F2D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D058B5E3-6EBB-42EA-93BE-E3674AF6DFC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFA3D4EA-A12A-4BD2-8DBA-3208441C4E4E}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{E50D2243-99D6-4D92-870D-CAD865106F00}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E5ACB126-2046-4C1F-822F-987FD389BC0E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{EF2EF87E-E4BA-4DCC-9EA8-0B95A9E996A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F443C518-1DCF-42EE-9589-4123A58D34AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD063D6F-B114-45BF-BCAC-767426DE5EAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B8E582-A602-4F4F-B2A2-5DFCA31E2EDB}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0CA31AF5-512A-4761-B422-FE0863FDD20F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0F2511A6-00C3-4687-90D3-8383B1DAF3FC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{11AF3D82-4B02-4793-8FD0-CFD893C088C4}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{13AFE0EE-7D16-4344-B903-F993F66701C9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{169DD0E9-B987-4731-A456-1A2C64466F35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{195DBF52-C808-47C2-AB13-78DD0A37CC36}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A07E8FC-6997-4EBA-BE9C-E2420034FE77}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1D989C52-EA06-49E2-948B-86608DB73292}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{276F1F0A-5263-4AFE-9120-536DA4C94833}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{277C8DB4-77A6-4BDB-89B5-EF49A59EDBD2}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{2D0453F6-C4C8-471E-9D7C-CBB1CFBB0044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E44B027-E14C-4AE6-A043-C8F3A58234C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{334AB389-52B4-47DF-B8B7-1B46EC934E53}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{34F02268-59A9-4EA9-A88A-6C6E3CA559FC}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3A31CC78-38FE-494E-95FB-DE6700589E71}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46FC90D4-CE40-46A5-9FCA-4924647B679B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49459655-F9E9-487E-9B4F-F6926E87B698}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5B2620CC-51DD-485F-A264-9CEAF21A4A1E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6153D5D6-FEE5-4AE5-9612-D5183F2FDC03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63FD8F4D-D5C8-4D82-A1BF-9A942C6FC9C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A6C0AB0-8242-4FFA-ADBC-BB4E1326C2D7}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{6A893C57-5481-486D-A726-767907B61FA6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{70FBD0FE-71C3-46FA-B12D-095F529D2F9F}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{7C23EDBB-E696-47D2-A08A-BCDE0DFD071F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FD21A03-34D4-4FC7-AC44-36C0DC8D07AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{8604FDE2-C4C1-499E-A1F4-E8593A6390A9}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{97F3DE3B-EC98-4B61-8758-963545695F1F}" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{9AB08784-0877-4101-8D92-4D283EFDD7F5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9BD4D4C3-ED35-4235-BE57-0566093C65D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A490E25E-C0D4-468C-B775-A4D63E10C249}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8AA2D84-7909-4BCE-90DE-70A93220C59E}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C6074DBA-CCCB-49F9-B7C0-65DA4CF0A0E2}" = protocol=6 | dir=out | app=system |
"{CB81E368-20B7-4ACA-9AD8-12058D001BAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCF521AD-3897-43DB-8A6F-9C84FE867A35}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D2924E90-7A3A-4784-A624-DF4556480B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D39AD778-9350-4A5C-B091-D3E40F769187}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D3AE7B94-FB6B-4110-8FE9-B8E6C1A01935}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3FAF973-17F4-4C02-928E-54D6F51F9747}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{D95B1AB3-891D-4DAE-9496-B900377E812D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E39B56A3-9040-4EF7-A024-9B9CF13BA9D2}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{E729DB74-4BCC-46E0-920C-983DFD77EEF3}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EE4052F6-8C14-4ECE-994F-23D8833A2A02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F18A394F-6D42-4A57-8E91-5D11C1F6D55D}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{F479DC69-A950-49B9-8279-F8133FD49987}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F8FAC846-8EDC-432F-8D70-3B2CA4CE40D3}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FA230A5E-E19F-403F-954C-AB4355770329}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB506C01-4638-4328-BEA1-BD3C27009E48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1B6A8458-C699-4F84-AB36-6C307D2AF565}C:\program files (x86)\trinity gunz\gunz.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trinity gunz\gunz.exe |
"TCP Query User{306DF159-E9F8-4F05-A392-A6F64C832BA9}C:\users\home\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\home\program files (x86)\dna\btdna.exe |
"TCP Query User{41A48DA6-0752-4A90-8317-82AF0E8FDE53}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5178343D-8744-440E-8051-A1489EE02164}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{63CBAF0D-AE0A-405E-8AEB-A16CEB563860}C:\program files (x86)\freestyle gunz\svchost.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freestyle gunz\svchost.exe |
"TCP Query User{96991209-EE2E-4BED-ABE9-568263B88E90}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{9ADEFA19-C3D1-4A70-9C19-194A6CD2EF28}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{9B7A6B82-A067-4D9C-9A89-1F6471E2907F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{A20BAEF5-42BE-4D39-ABAC-2820F21560F0}C:\users\home\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\home\program files (x86)\dna\btdna.exe |
"TCP Query User{AD99813C-A2A6-4025-86D7-47D2D97EA95E}C:\program files (x86)\java\jdk1.6.0_14\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_14\bin\java.exe |
"TCP Query User{C1BF8B17-A90A-431A-8089-FD789A12F1FB}C:\program files (x86)\drgunz 3.0\drgunz.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drgunz 3.0\drgunz.exe |
"TCP Query User{CC296929-F110-40DD-8AFA-376E31B01878}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{F2F6A1CE-B494-4FC0-A834-D0307D44A216}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{0E8FA6E1-E950-475B-80FD-AAE5D1AEE534}C:\program files (x86)\trinity gunz\gunz.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trinity gunz\gunz.exe |
"UDP Query User{17E3902C-ABDB-4ACD-8C06-F32803A11B7F}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{211CA603-76A8-4293-BD0D-CC401A0FA737}C:\program files (x86)\freestyle gunz\svchost.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freestyle gunz\svchost.exe |
"UDP Query User{21865CFC-731E-4FA0-B1E1-76F62EB365FC}C:\program files (x86)\java\jdk1.6.0_14\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_14\bin\java.exe |
"UDP Query User{537664DF-8550-45F5-9D28-EECDF85092FE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{62D858BB-0F05-4C49-BE17-534C2628DFF5}C:\users\home\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\home\program files (x86)\dna\btdna.exe |
"UDP Query User{6FDDCE86-DD02-49AB-B1A2-827C6DD352E1}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{8391DB2F-2630-431C-8A80-0F62E34C8261}C:\users\home\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\home\program files (x86)\dna\btdna.exe |
"UDP Query User{B986ECB2-8E18-4693-B392-1D7977C9A480}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CC146CE0-9C82-46F3-8522-659D52DBC2C6}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{E9117F44-52A5-47BB-AB15-14A2C59897C8}C:\program files (x86)\drgunz 3.0\drgunz.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drgunz 3.0\drgunz.exe |
"UDP Query User{F6D67C11-9F96-4ADF-83E1-0550FF93D355}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{FB9A61CF-AAB1-4C76-9877-32345C5E52C5}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{6361EA0C-499F-40C0-6924-A8D974784908}" = ccc-utility64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{816EB8D3-C431-5997-8A7B-99EED8D88C99}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0204009C-53D7-67E6-6631-62A1DBD66BCA}" = Catalyst Control Center Localization German
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}" = LastChaos
"{14911AD7-62FA-2DF7-961A-314786398DDD}" = Catalyst Control Center Localization Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18960408-D04F-61BB-802E-13851583716E}" = CCC Help French
"{1FF2E7A9-824F-8B73-6332-C9DD19B08A67}" = CCC Help Finnish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23638DF5-41EF-7AEC-8AEB-2C7B4A298D05}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 18
"{26D08718-801F-2F78-B5DC-78D50714AA95}" = Catalyst Control Center Localization French
"{2B462A9D-286B-0A4F-6FB8-E71B39AB3978}" = Catalyst Control Center Localization Spanish
"{2D38E148-989C-9E77-E655-328FE0726761}" = Catalyst Control Center Localization Finnish
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{3770179C-38F3-A941-643C-5790E78D80C7}" = Skins
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{482020CC-FEF7-9392-69F0-6C6F26FD7BCD}" = Catalyst Control Center Localization Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D19B0D8-896C-96AE-27B2-98B8B3997EBD}" = Catalyst Control Center Graphics Light
"{5ADE38D8-1B9C-6F79-C88F-A84B01E4175C}" = CCC Help Dutch
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{600494AA-0E7B-6F10-9426-AFF9914CA403}" = Catalyst Control Center Graphics Full New
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68C96BC9-EB2A-C0F1-0BAE-8E7FACD1CC52}" = Catalyst Control Center Core Implementation
"{69897DB3-8AA0-AB8B-C41F-5F18CE08DD10}" = CCC Help German
"{7BBEF4EB-4996-3B90-1F79-0CED09C781F5}" = Catalyst Control Center Localization Swedish
"{7C95F789-0941-CBF8-A906-507E1F938B23}" = Catalyst Control Center Localization Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D05E935-B635-73BC-1320-80496C7EC481}" = CCC Help English
"{9DE36FF9-B4DC-76E5-DE1A-D940D5BB1E83}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3920458-4EA6-A26B-7621-AB086AC4086D}" = CCC Help Spanish
"{B7BC1735-B009-2946-AA94-2A60190616BE}" = Catalyst Control Center Localization Norwegian
"{B8CCF37C-4C5D-0B17-1472-FEDB3D88F9E8}" = CCC Help Japanese
"{B9D218EA-982B-53A2-BEEA-EF4C08DDD3DB}" = Catalyst Control Center Localization Italian
"{BB034FA9-BC86-7231-4618-B30918CD43F7}" = CCC Help Swedish
"{BE709AB0-E637-D304-F30C-B4B84F496DA7}" = ccc-core-static
"{C1E7BB59-E1BE-CC2F-32B8-F0EAB1322BC4}" = CCC Help Italian
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C55C9458-6FAA-0DA2-3F35-CAD71AA13A89}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB1F488E-AB5E-DB3A-A144-51802C2B0041}" = Catalyst Control Center Graphics Previews Vista
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}" = KB0817 Keyboard Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC Tool" = AC Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BearShare" = BearShare
"BitTorrent" = BitTorrent
"Combat Arms" = Combat Arms
"Freestyle GunZ" = Freestyle GunZ
"Gunz" = ijji - Gunz
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NAV" = Norton AntiVirus
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Smart Copy" = Smart Copy 3.1.1.1
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"WildTangent gateway Master Uninstall" = Gateway Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Trinity GunZ" = Trinity GunZ

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2010 4:02:49 PM | Computer Name = home-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18470, time stamp
0x4be05134, faulting module BHO.dll_unloaded, version 0.0.0.0, time stamp 0x4a5614d4,
exception code 0xc0000005, fault offset 0x69b87126, process id 0x1abc, application
start time 0x01cb2f5901b4fb51.

Error - 7/29/2010 5:00:46 PM | Computer Name = home-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18470 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 24dc Start Time: 01cb2f5dccf2def1 Termination Time: 29

Error - 7/29/2010 8:05:43 PM | Computer Name = home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Nexon\Combat Arms\Add-ons\GameTrainerMaker.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/29/2010 8:07:52 PM | Computer Name = home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Nexon\Combat Arms\Add-ons\GameTrainerMaker.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/30/2010 1:16:07 PM | Computer Name = home-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/2/2010 1:34:46 PM | Computer Name = home-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/2/2010 1:34:46 PM | Computer Name = home-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/3/2010 4:19:26 AM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2010 2:58:00 PM | Computer Name = home-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/3/2010 2:58:00 PM | Computer Name = home-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 8/9/2009 5:52:53 PM | Computer Name = home-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 11/11/2009 7:48:08 PM | Computer Name = home-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 11/11/2009 7:50:25 PM | Computer Name = home-PC | Source = McrMgr | ID = 109
Description =

Error - 5/6/2010 7:10:02 PM | Computer Name = home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/20/2009 4:20:59 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/20/2009 4:21:29 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/20/2009 8:43:51 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/20/2009 8:44:21 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/3/2010 7:04:43 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/3/2010 7:05:13 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/10/2010 7:45:48 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/10/2010 7:46:18 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/10/2010 8:14:28 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/10/2010 8:14:58 PM | Computer Name = home-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Edited by Rewster, 14 August 2010 - 02:50 PM.


#5 Rewster

  • Topic Starter

Posted 14 August 2010 - 03:27 PM

I seem to be having internet connection problems. None of my downloaded games that require an internet connection will work, and Internet Explorer and Google Chrome have stopped working. Could this be why RKUnhooker won't work?

All my online messengers won't work either.

Edited by Rewster, 14 August 2010 - 03:28 PM.


#6 thcbytes

  • Malware Response Team

Posted 14 August 2010 - 10:02 PM

You're having troubles with RKU because of compatibility issues with the 64bit OS. You can ignore it. You're having troubles with connections due to your malware infection.

==========

If you cannot download the apps, then download them to a clean computer and transfer them by way of a USB drive.

==========

I see you have BitTorrent, BearShare & Limewire installed!

Using any peer-to-peer (P2P) or file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BearShare, Azureus/Vuze) is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploits by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Using such programs is very likely how your computer got infected!!

==========

This next please...

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [Bar] C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SADFC401\access[1].exe File not found
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O33 - MountPoints2\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\Shell - "" = AutoRun
    O33 - MountPoints2\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2010/08/14 12:13:57 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\houiphcfm
    [2010/08/14 12:13:15 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\2B2CF94012581557DBFF5E801EB42A26

    :Files
    c:\users\home\appdata\local\we4032.dll

    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dfipokezezocoho"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kalaxrit"=-

    :Commands
    [resethosts]
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    *userinit*
    *atapi*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

Is your Norton Antivirus Functional?

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Download Sophos Anti-rootkit & save it to your desktop.
Be sure to read the Sophos Anti-Rootkit User Manual. A copy of this manual sarman.pdf can also be found inside the program folder after installation.
  • Double-click sarsfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click "Start scan".
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will be done when you restart your computer. Click "Restart Now".
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Note: If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.

==========

With your next post please provide:

* OTL fix log
* SystemLook.txt
* Antivirus question
* MBAM
* Sarscan log
* How is your computer running now?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 Rewster


Posted 16 August 2010 - 11:38 AM

After the OTL Fix, all other web browsers are working. (Though Internet Explorer is getting constant requests to allow a toolbar from Yahoo Messenger to load.) All of the games are working as well.

There are a couple of users on this computer, and the P2P programs were not my doing. I uninstalled them before you mentioned them.

The Norton Antivirus expired and is not functional.

I am unable to choose Running Processes on Sophos, as it is grayed out.

There is a weird xxggkf.exe file that is running. Whenever I terminate the process tree, it comes back. When I delete the file, it comes back instantly.


All processes killed
========== OTL ==========
Service npggsvc stopped successfully!
Service npggsvc deleted successfully!
File C:\Windows\SysNative\GameMon.des not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{409ad7b0-cf6c-11de-a08a-0022684d1e95}\ not found.
File J:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\home\AppData\Local\houiphcfm folder moved successfully.
C:\Users\home\AppData\Roaming\2B2CF94012581557DBFF5E801EB42A26 folder moved successfully.
========== FILES ==========
File\Folder c:\users\home\appdata\local\we4032.dll not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Dfipokezezocoho not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kalaxrit not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: home
->Temp folder emptied: 1375154731 bytes
->Temporary Internet Files folder emptied: 143051366 bytes
->Java cache emptied: 69982460 bytes
->FireFox cache emptied: 50675861 bytes
->Google Chrome cache emptied: 28444429 bytes
->Flash cache emptied: 74323 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69597 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34643274 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,623.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08152010_202605

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF5HFCGV\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZ6D7PE7\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BF0UKR84\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H54790K\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:39 on 16/08/2010 by home (Administrator - Elevation successful)

========== filefind ==========

Searching for "*userinit*"
C:\Windows\System32\en-US\userinit.exe.mui --a--- 4096 bytes [15:13 02/11/2006] [15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\System32\userinit.exe --a--- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\SysWOW64\en-US\userinit.exe.mui --a--- 4096 bytes [15:13 02/11/2006] [15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\SysWOW64\userinit.exe --a--- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e9d87fb38dc4f328\userinit.exe.mui --a--- 3584 bytes [15:13 02/11/2006] [15:13 02/11/2006] 7A820F1B24D266DE11444D6C8FA8AC8A
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe --a--- 28160 bytes [02:49 21/01/2008] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e9d87fb38dc4f328.manifest --a--- 2490 bytes [15:11 02/11/2006] [15:11 02/11/2006] DBDFB2D87B26B6E0EBAE9F68E72C9C09
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d.manifest --a--- 7964 bytes [12:31 02/11/2006] [12:23 02/11/2006] D2AA443F978342C19FE75C9AC96A7E2D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941.manifest --a--- 7964 bytes [02:40 21/01/2008] [02:40 21/01/2008] 8F0246DD4B69A24C9C1087E1E4ECA04B
C:\Windows\winsxs\Manifests\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2.manifest --a--- 2488 bytes [15:11 02/11/2006] [15:11 02/11/2006] BCA958F5EA792F001403EE32B5A495C1
C:\Windows\winsxs\Manifests\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737.manifest --a--- 7930 bytes [12:31 02/11/2006] [10:18 02/11/2006] C9E584A3F71B9C8AD059B5A71E09EED0
C:\Windows\winsxs\Manifests\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b.manifest --a--- 7930 bytes [02:41 21/01/2008] [02:41 21/01/2008] 0A0BE29C70619676B3F985ADD047FA39
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui --a--- 4096 bytes [15:13 02/11/2006] [15:13 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a--- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

Searching for "*atapi*"
C:\Windows\inf\iteatapi.inf --a--- 33660 bytes [12:40 02/11/2006] [12:40 02/11/2006] E4EB9FDA7CA1965653EAB8C109CCE546
C:\Windows\inf\iteatapi.PNF --a--- 17916 bytes [12:40 02/11/2006] [15:26 02/11/2006] 4FB8FE951A80384559E47DD88870E318
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys --a--- 20952 bytes [17:08 21/10/2009] [07:15 11/04/2009] E68D9B3A3905619732F7FE039466A623
C:\Windows\System32\en-US\WinSATAPI.dll.mui --a--- 6144 bytes [15:14 02/11/2006] [15:14 02/11/2006] 64BDEA749C5954CECAB7EC5E9CC24D39
C:\Windows\System32\WinSATAPI.dll --a--- 383488 bytes [02:48 21/01/2008] [02:48 21/01/2008] 3FCB7347D2DE38488C85A31EA7838A3C
C:\Windows\SysWOW64\en-US\WinSATAPI.dll.mui --a--- 6144 bytes [15:14 02/11/2006] [15:14 02/11/2006] 64BDEA749C5954CECAB7EC5E9CC24D39
C:\Windows\SysWOW64\WinSATAPI.dll --a--- 383488 bytes [02:48 21/01/2008] [02:48 21/01/2008] 3FCB7347D2DE38488C85A31EA7838A3C
C:\Windows\winsxs\amd64_iteatapi.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_7cec85afefb0986c\iteatapi.inf_loc --a--- 308 bytes [15:13 02/11/2006] [15:13 02/11/2006] DBC002F0F2C65A0519A1BD24D84B22C2
C:\Windows\winsxs\amd64_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.0.6001.18000_none_3fbcfd9daff7d4fc\WinSATAPI.dll --a--- 444928 bytes [02:47 21/01/2008] [02:47 21/01/2008] 1BCF5EBCCF81C840F2677706BEFF0123
C:\Windows\winsxs\amd64_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e312202ef6b0c9dd\WinSATAPI.dll.mui --a--- 5632 bytes [15:14 02/11/2006] [15:14 02/11/2006] 8DC8783F63C99F54D3311B05DD840EEF
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys --a--- 22584 bytes [02:46 21/01/2008] [02:46 21/01/2008] 1898FAE8E07D97F2F6C2D5326C633FAC
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_394424a3d9f4c3b9\atapi.sys --a--- 22584 bytes [20:30 03/11/2008] [05:30 22/02/2008] 62BD869AFA2BF2E30F9D3FF428C87D5C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_39cac090f315177e\atapi.sys --a--- 22584 bytes [20:30 03/11/2008] [05:29 22/02/2008] 2297D8A0E2F3E1BA55E1538BA33B9E86
C:\Windows\winsxs\Manifests\amd64_iteatapi.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_7cec85afefb0986c.manifest --a--- 1915 bytes [15:11 02/11/2006] [15:11 02/11/2006] A584E7BEB47F7E6DA9536A79B9986956
C:\Windows\winsxs\x86_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.0.6001.18000_none_e39e6219f79a63c6\WinSATAPI.dll --a--- 383488 bytes [02:48 21/01/2008] [02:48 21/01/2008] 3FCB7347D2DE38488C85A31EA7838A3C
C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.0.6000.16386_en-us_86f384ab3e5358a7\WinSATAPI.dll.mui --a--- 6144 bytes [15:14 02/11/2006] [15:14 02/11/2006] 64BDEA749C5954CECAB7EC5E9CC24D39

-=End Of File=-


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4436

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/16/2010 11:48:45 AM
mbam-log-2010-08-16 (11-48-45).txt

Scan type: Quick scan
Objects scanned: 143920
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 8/16/2010 at 11:58:45 AM
User "home" on computer "HOME-PC"
Windows version 6.0 SP 1.0 Service Pack 1 build 6001 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\home\AppData\Local\Temp\hsperfdata_home\4124
Hidden: file C:\ProgramData\Norton\00000082\000000fc\000002d1\cltLMS1.dat
Hidden: file C:\ProgramData\Norton\00000082\000000fc\000002d1\cltLMS2.dat
Info: Starting disk scan of J: (FAT).
Stopped logging on 8/16/2010 at 12:29:51 PM


Edited by Rewster, 16 August 2010 - 12:32 PM.
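
Added example, not part of the thread and not SystemLook's own code: a Python parser for the `:filefind` output posted above that checks whether each in-use copy of a system file has the same MD5 as a copy held in the component store (`winsxs`) or the update download cache. The function names and the rule for what counts as a reference directory are assumptions of this sketch; the sample lines are excerpted from the posted log.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the SystemLook log in the post above.
SAMPLE_LOG = r"""
Searching for "*userinit*"
C:\Windows\System32\userinit.exe --a--- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\SysWOW64\userinit.exe --a--- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe --a--- 28160 bytes [02:49 21/01/2008] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a--- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

Searching for "*atapi*"
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys --a--- 20952 bytes [17:08 21/10/2009] [07:15 11/04/2009] E68D9B3A3905619732F7FE039466A623
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys --a--- 22584 bytes [02:46 21/01/2008] [02:46 21/01/2008] 1898FAE8E07D97F2F6C2D5326C633FAC
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_394424a3d9f4c3b9\atapi.sys --a--- 22584 bytes [20:30 03/11/2008] [05:30 22/02/2008] 62BD869AFA2BF2E30F9D3FF428C87D5C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_39cac090f315177e\atapi.sys --a--- 22584 bytes [20:30 03/11/2008] [05:29 22/02/2008] 2297D8A0E2F3E1BA55E1538BA33B9E86
"""

# One result line: path, attribute flags, size, created, modified, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Assumption of this sketch: copies under these directories are treated as
# reference copies; anything else is treated as a copy that is in use.
REFERENCE_DIRS = ("\\winsxs\\", "\\softwaredistribution\\")


def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                "size": int(m["size"]),
                "modified": m["modified"],
                "md5": m["md5"].upper(),
            })
    return entries


def is_reference(path):
    lowered = path.lower()
    return any(d in lowered for d in REFERENCE_DIRS)


def compare_to_store(entries, names):
    """For each file name, compare in-use copies against reference copies.

    Verdicts: 'match' (every in-use hash equals some reference hash),
    'mismatch' (at least one does not), 'no-live-copy' (the scan listed no
    in-use copy), 'no-reference' (nothing to compare against).
    """
    wanted = {n.lower() for n in names}
    live = defaultdict(list)
    refs = defaultdict(set)
    for e in entries:
        name = ntpath.basename(e["path"]).lower()
        if name not in wanted:
            continue
        if is_reference(e["path"]):
            refs[name].add(e["md5"])
        else:
            live[name].append(e)

    report = {}
    for name in sorted(wanted):
        unmatched = [e["path"] for e in live[name] if e["md5"] not in refs[name]]
        if not live[name]:
            verdict = "no-live-copy"
        elif not refs[name]:
            verdict = "no-reference"
        elif unmatched:
            verdict = "mismatch"
        else:
            verdict = "match"
        report[name] = {
            "verdict": verdict,
            "live": [e["path"] for e in live[name]],
            "unmatched": unmatched,
        }
    return report


if __name__ == "__main__":
    result = compare_to_store(parse_filefind(SAMPLE_LOG),
                              ["userinit.exe", "atapi.sys"])
    for name, info in result.items():
        print(f"{name}: {info['verdict']}")
        for path in info["live"]:
            print(f"    in use: {path}")
```

On this log `userinit.exe` matches the x86 store copy, while no in-use `atapi.sys` is listed at all, so the driver that is actually loaded was not hashed by this scan. The identical size and hash for the `System32` and `SysWOW64` entries is consistent with a 32-bit scanner being redirected by WOW64, in which case a match says nothing about the 64-bit file.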


#8 thcbytes


Posted 16 August 2010 - 04:50 PM

We're getting there..

QUOTE
There is a weird xxggkf.exe file that is running. Whenever I terminate the process tree, it comes back. When I delete the file, it comes back instantly.

What is the exact file path of this process?

=========

Please download, install and run Microsoft Security Essentials. Please let me know if it detects anything.

http://www.microsoft.com/security_essentials/

=========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

We need to create an OTL Quick Scan
  1. Double click on the icon on your desktop.
  2. Click the "Scan All Users" checkbox.
  3. Push the button.
  4. A report will open, copy and paste it in a reply here

==========

With your next post please provide:

* Exact file path
* MSE scan results
* ESET log
* OTL log
* What problems remain?

Kind regards,
~t



#9 Rewster


Posted 16 August 2010 - 05:03 PM

I'm not sure where the file was, but it was in a temp folder. The process is not running anymore.

Edited by Rewster, 16 August 2010 - 05:07 PM.


#10 thcbytes


Posted 16 August 2010 - 05:13 PM

Proceed with the other steps please.

#11 Rewster


Posted 16 August 2010 - 05:24 PM

Microsoft detected one infection. Trojan:Win32/BHO.BT

ESET-

C:\Windows\System32\opinstaller.msi multiple threats deleted - quarantined

-----

OTL logfile created on: 8/16/2010 7:50:12 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\home\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 443.63 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.73 Gb Total Space | 0.01 Gb Free Space | 0.34% Space Free | Partition Type: FAT32

Computer Name: HOME-PC
Current User Name: home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/14 14:19:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\home\Downloads\OTL.exe
PRC - [2010/08/10 22:32:24 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/07/26 18:15:50 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/17 18:14:10 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2009/12/17 18:14:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009/08/22 01:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/05/31 11:52:17 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/05/21 17:36:36 | 000,053,248 | ---- | M] (IOI) -- C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2008/01/20 21:50:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
PRC - [2007/08/16 20:17:56 | 002,342,912 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (SafeList) ==========

MOD - [2010/08/14 14:19:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\home\Downloads\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/07/22 09:12:08 | 000,902,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/22 01:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\BEEB.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/01/27 21:58:21 | 000,583,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/08/22 01:37:16 | 000,476,720 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/22 01:37:16 | 000,402,992 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/22 01:37:16 | 000,334,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 01:37:16 | 000,278,576 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/22 01:37:16 | 000,120,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/08/22 01:37:16 | 000,056,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/08/22 01:37:16 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/19 06:31:38 | 000,172,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/18 13:59:44 | 000,031,280 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/12 19:13:23 | 000,181,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/08/05 03:03:00 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/07/22 09:58:24 | 004,647,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/04/27 20:25:06 | 000,016,400 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/05 01:22:34 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/04/03 10:30:14 | 001,418,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/08/14 19:17:29 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2010/05/26 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/13 02:04:52 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100601.002\EX64.SYS -- (NAVEX15)
DRV - [2010/05/13 02:04:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100601.002\ENG64.SYS -- (NAVENG)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/28 17:37:22 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSviA64.sys -- (IDSVia64)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...m=dx4200-09
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...m=dx4200-09


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files (x86)\SGPSA\mtwb3sh.dll (TODO: <Company name>)
IE - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={DEE19A75-FA34-7C4C-0E35-882E4B316E7B}&q="
FF - prefs.js..network.proxy.backup.ftp: "66.160.144.212"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "66.160.144.212"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "66.160.144.212"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "66.160.144.212"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "66.160.144.212"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "66.160.144.212"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "66.160.144.212"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "66.160.144.212"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "66.160.144.212"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 22:44:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/10 22:44:19 | 000,000,000 | ---D | M]

[2009/08/03 20:35:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2009/05/31 21:55:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/16 11:35:53 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions
[2010/02/23 19:26:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/18 16:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/08/13 14:23:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/07 13:06:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\BearShareWebSearch.xml
[2010/02/23 19:26:24 | 000,000,433 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\fast-browser-search.xml
[2010/01/18 16:54:05 | 000,000,000 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\mywebsearch.xml
[2010/08/15 22:23:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010/04/15 19:30:16 | 000,003,700 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.png
[2010/04/15 19:30:15 | 000,001,962 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/08/15 20:26:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/16 17:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/16 17:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/16 17:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/16 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/15 20:26:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/14 13:45:17 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/08/14 12:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/14 12:13:22 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Windows Server
[2010/08/13 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC Tool
[2010/08/13 13:57:44 | 000,000,000 | RH-D | C] -- C:\Users\home\Documents\Chance Backup Files
[2010/08/10 22:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/10 22:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/10 22:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/08/10 22:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/08/10 22:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/10 22:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/10 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/10 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/10 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Yahoo
[2010/08/10 22:32:28 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Yahoo!
[2010/08/10 22:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/08/10 22:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/07 14:04:36 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\The Duel
[2010/08/07 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DRGunZ 3.0
[2010/08/06 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\gunz-mrb
[2010/08/05 16:14:59 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Trinity
[2010/08/05 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trinity GunZ
[2010/07/30 19:26:03 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/07/29 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Xenocode
[2010/07/27 17:58:07 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\xF-GunZx
[2010/07/27 17:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freestyle GunZ
[2010/07/26 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Gunz
[2010/07/26 21:30:14 | 003,731,176 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/07/26 21:29:47 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010/07/26 21:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/07/26 21:24:52 | 000,000,000 | -H-D | C] -- C:\Users\home\AppData\Roaming\ijjigame
[2010/07/26 21:22:20 | 000,427,008 | ---- | C] (True Games Interactive) -- C:\Windows\SysWow64\uc_wepic_launching.dll
[2010/07/26 21:22:20 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\SysWow64\uc_rohan_launching.dll
[2010/07/26 21:22:20 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll
[2010/07/26 21:22:20 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll
[2010/07/26 21:22:20 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll
[2010/07/26 21:22:19 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe
[2010/07/26 21:22:19 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll
[2010/07/26 21:22:19 | 000,075,264 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_holybeast_launching.dll
[2010/07/26 21:22:19 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe
[2010/07/26 21:22:19 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll
[2010/07/26 21:22:19 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\Windows\SysWow64\ijjiPlugin2.dll
[2010/07/26 21:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji
[2010/07/26 21:07:41 | 000,000,000 | ---D | C] -- C:\ijji
[2010/07/26 17:37:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/26 16:31:11 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/07/25 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\MusicNet
[2010/07/25 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\My Received Files
[2010/07/25 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\BearShare
[2010/07/25 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\BearShare
[2010/07/25 12:47:40 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\PackageAware
[2010/07/23 23:14:47 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Apple Computer
[2010/06/25 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Adobe
[2010/06/14 21:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/16 19:49:42 | 002,359,296 | -HS- | M] () -- C:\Users\home\NTUSER.DAT
[2010/08/16 19:42:30 | 000,000,099 | ---- | M] () -- C:\Users\home\jagex_runescape_preferences2.dat
[2010/08/16 19:39:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000UA.job
[2010/08/16 19:07:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/16 18:23:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 18:23:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 17:01:01 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/16 16:40:38 | 000,000,046 | ---- | M] () -- C:\Users\home\jagex_runescape_preferences.dat
[2010/08/16 14:39:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000Core.job
[2010/08/16 11:38:06 | 000,000,032 | ---- | M] () -- C:\Windows\GunzLauncher.INI
[2010/08/16 11:36:27 | 000,100,908 | ---- | M] () -- C:\Users\home\Desktop\SystemLook.exe
[2010/08/16 11:06:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 22:29:32 | 000,755,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 22:29:32 | 000,639,904 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 22:29:32 | 000,118,156 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/15 22:23:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/08/15 22:23:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/15 22:23:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/15 22:23:14 | 4025,671,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 22:22:10 | 000,524,288 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/08/15 22:22:10 | 000,065,536 | -HS- | M] () -- C:\Users\home\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/08/15 22:22:09 | 002,149,698 | -H-- | M] () -- C:\Users\home\AppData\Local\IconCache.db
[2010/08/14 19:17:29 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/14 13:58:12 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2010/08/14 13:52:29 | 000,313,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/14 13:47:18 | 000,000,000 | ---- | M] () -- C:\Users\home\jagex__preferences3.dat
[2010/08/14 12:29:20 | 000,002,838 | ---- | M] () -- C:\Users\home\AppData\Local\ucepepubit.dll
[2010/08/14 12:13:51 | 000,000,347 | ---- | M] () -- C:\Windows\wininit.ini
[2010/08/13 18:35:18 | 000,000,055 | ---- | M] () -- C:\Windows\SpeederXP.INI
[2010/08/13 14:34:57 | 000,002,039 | ---- | M] () -- C:\Users\home\Desktop\Google Chrome.lnk
[2010/08/13 14:34:57 | 000,002,001 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/11 12:58:04 | 000,002,255 | ---- | M] () -- C:\Users\home\Desktop\iTunes.lnk
[2010/08/10 22:32:08 | 000,000,998 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/10 22:32:08 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/10 22:16:49 | 000,028,672 | ---- | M] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 20:17:37 | 000,000,000 | ---- | M] () -- C:\Users\home\defogger_reenable
[2010/08/03 18:36:27 | 000,077,358 | ---- | M] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2010/07/25 12:48:37 | 000,000,152 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/07/24 20:51:29 | 000,001,153 | ---- | M] () -- C:\Users\home\Documents\001 Carney Thinking of You.lnk
[2010/07/24 20:19:21 | 003,912,533 | ---- | M] () -- C:\Users\home\Documents\001 Carney Thinking of You.wma
[2010/07/23 22:50:23 | 044,377,846 | ---- | M] () -- C:\Users\home\Documents\AUDIO_Realtek_ALC888S_Vx64.zip
[2010/06/28 11:55:07 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/28 11:53:56 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/28 11:53:55 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/28 11:52:23 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/28 11:52:23 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/28 11:52:22 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/28 11:52:22 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/28 11:52:21 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/28 10:35:36 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2010/06/27 14:04:15 | 003,731,176 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2010/06/18 12:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/14 21:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010/06/14 21:16:22 | 000,084,992 | ---- | M] () -- C:\Windows\SysNative\frapsv64.dll
[2010/06/08 12:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/06/03 15:51:19 | 000,761,152 | ---- | M] () -- C:\Windows\SysNative\msvcr100.dll
[2010/06/03 15:42:40 | 001,498,960 | ---- | M] () -- C:\Windows\SysNative\msvcr100d.dll
[2010/06/02 04:55:30 | 000,518,488 | ---- | M] () -- C:\Windows\SysNative\XAudio2_7.dll
[2010/06/02 04:55:30 | 000,176,984 | ---- | M] () -- C:\Windows\SysNative\xactengine3_7.dll
[2010/06/02 04:55:30 | 000,077,656 | ---- | M] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/05/26 11:53:52 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 11:41:02 | 002,526,056 | ---- | M] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/05/26 11:41:02 | 001,907,552 | ---- | M] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/05/26 11:41:02 | 000,511,328 | ---- | M] () -- C:\Windows\SysNative\d3dx10_43.dll
[2010/05/26 11:41:02 | 000,276,832 | ---- | M] () -- C:\Windows\SysNative\d3dx11_43.dll
[2010/05/26 11:41:00 | 002,401,112 | ---- | M] () -- C:\Windows\SysNative\D3DX9_43.dll
[2010/05/26 09:56:53 | 000,366,080 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/16 17:01:01 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/16 11:36:27 | 000,100,908 | ---- | C] () -- C:\Users\home\Desktop\SystemLook.exe
[2010/08/14 14:49:20 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/14 14:13:31 | 4025,671,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/14 13:47:18 | 000,000,000 | ---- | C] () -- C:\Users\home\jagex__preferences3.dat
[2010/08/14 13:47:17 | 000,000,099 | ---- | C] () -- C:\Users\home\jagex_runescape_preferences2.dat
[2010/08/14 13:45:43 | 000,000,046 | ---- | C] () -- C:\Users\home\jagex_runescape_preferences.dat
[2010/08/14 12:30:07 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2010/08/14 12:29:19 | 000,002,838 | ---- | C] () -- C:\Users\home\AppData\Local\ucepepubit.dll
[2010/08/13 18:35:14 | 000,000,055 | ---- | C] () -- C:\Windows\SpeederXP.INI
[2010/08/13 14:34:57 | 000,002,039 | ---- | C] () -- C:\Users\home\Desktop\Google Chrome.lnk
[2010/08/13 14:34:57 | 000,002,001 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/13 14:34:14 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000UA.job
[2010/08/13 14:34:12 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3543337436-1021955473-2105359954-1000Core.job
[2010/08/11 12:58:02 | 000,002,255 | ---- | C] () -- C:\Users\home\Desktop\iTunes.lnk
[2010/08/11 00:38:59 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/11 00:38:57 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/11 00:38:57 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/11 00:38:56 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/11 00:38:54 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 00:38:52 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 00:38:46 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/11 00:38:43 | 005,691,904 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/11 00:38:40 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/11 00:38:40 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/11 00:38:40 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/11 00:38:40 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/11 00:38:39 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/08/11 00:38:39 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 00:38:39 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/08/11 00:38:39 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/11 00:38:39 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 00:38:39 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/08/11 00:38:39 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 00:38:39 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/11 00:38:38 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/11 00:38:38 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/11 00:38:38 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/08/11 00:38:38 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/11 00:38:34 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/10 22:32:08 | 000,000,998 | ---- | C] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/10 22:32:08 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/10 20:17:37 | 000,000,000 | ---- | C] () -- C:\Users\home\defogger_reenable
[2010/08/02 20:15:14 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/30 19:17:48 | 000,000,347 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/29 13:28:25 | 000,410,168 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistMSI2D3C.txt
[2010/07/29 13:28:24 | 000,072,732 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistUI2D3C.txt
[2010/07/27 17:58:09 | 000,000,032 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2010/07/26 21:30:49 | 000,077,358 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2010/07/26 21:29:47 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010/07/26 21:22:20 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/07/26 17:48:57 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2010/07/26 17:48:57 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/07/26 17:48:54 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/07/26 17:48:54 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2010/07/26 17:48:53 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/07/26 17:48:53 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2010/07/26 17:48:52 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2010/07/26 17:48:52 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2010/07/26 17:48:51 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2010/07/26 17:48:51 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2010/07/26 17:48:51 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/07/26 17:48:51 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/07/26 17:48:49 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2010/07/26 17:48:48 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2010/07/26 17:48:47 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/07/26 17:48:46 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/07/26 17:48:45 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2010/07/26 17:48:45 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2010/07/26 17:48:44 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2010/07/26 17:48:44 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/07/26 17:48:44 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2010/07/26 17:48:43 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2010/07/26 17:48:43 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/07/26 17:48:42 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2010/07/26 17:48:41 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/07/26 17:48:41 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2010/07/26 17:48:41 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/07/26 17:48:40 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2010/07/26 17:48:39 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2010/07/26 17:48:39 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/07/26 17:48:38 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2010/07/26 17:48:37 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/07/26 17:48:35 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2010/07/26 17:48:35 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/07/26 17:48:34 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2010/07/26 17:48:33 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/07/26 17:48:33 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2010/07/26 17:48:32 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2010/07/26 17:48:31 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2010/07/26 17:48:31 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2010/07/26 17:48:31 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/07/26 17:48:30 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/07/26 17:48:30 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2010/07/26 17:48:30 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/07/26 17:48:29 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2010/07/26 17:48:28 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2010/07/26 17:48:27 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2010/07/26 17:48:26 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/07/26 17:48:25 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/07/26 17:48:25 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2010/07/26 17:48:24 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2010/07/26 17:48:23 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2010/07/26 17:48:21 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2010/07/26 17:48:21 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/07/26 17:48:21 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2010/07/26 17:48:20 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2010/07/26 17:48:19 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2010/07/26 17:48:19 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/07/26 17:48:19 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2010/07/26 17:48:17 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/07/26 17:48:17 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2010/07/26 17:48:17 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2010/07/26 17:48:17 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/07/26 17:48:15 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2010/07/26 17:48:15 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2010/07/26 17:48:14 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2010/07/26 17:48:13 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/07/26 17:48:13 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2010/07/26 17:48:12 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2010/07/26 17:48:11 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2010/07/26 17:48:10 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2010/07/26 17:48:10 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2010/07/26 17:48:09 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2010/07/26 17:48:08 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2010/07/26 17:48:08 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/07/26 17:48:07 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2010/07/26 17:48:06 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2010/07/26 17:48:06 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2010/07/26 17:48:04 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2010/07/26 17:48:03 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2010/07/26 17:48:01 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2010/07/26 17:47:56 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2010/07/26 17:47:52 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2010/07/26 17:47:52 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/07/26 17:47:51 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2010/07/26 17:47:50 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2010/07/26 17:47:50 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2010/07/26 17:47:49 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2010/07/26 17:47:48 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2010/07/26 17:47:47 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2010/07/25 13:07:54 | 003,912,533 | ---- | C] () -- C:\Users\home\Documents\001 Carney Thinking of You.wma
[2010/07/25 12:48:37 | 000,000,152 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2010/07/24 20:56:01 | 000,001,153 | ---- | C] () -- C:\Users\home\Documents\001 Carney Thinking of You.lnk
[2010/07/23 22:50:23 | 044,377,846 | ---- | C] () -- C:\Users\home\Documents\AUDIO_Realtek_ALC888S_Vx64.zip
[2010/06/25 15:58:24 | 000,335,360 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistMSI3F85.txt
[2010/06/25 15:58:24 | 000,011,234 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistUI3F85.txt
[2010/06/23 03:00:35 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 03:00:35 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 03:00:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/23 03:00:30 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/23 03:00:30 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/22 23:29:15 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/22 23:29:14 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/16 15:05:40 | 000,334,898 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistMSI57F6.txt
[2010/06/16 15:05:40 | 000,013,138 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistUI57F6.txt
[2010/06/15 01:26:50 | 000,333,506 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistMSI171E.txt
[2010/06/15 01:26:50 | 000,011,170 | ---- | C] () -- C:\Users\home\AppData\Local\dd_vcredistUI171E.txt
[2010/06/14 21:16:22 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\frapsv64.dll
[2010/06/08 15:47:07 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 15:47:07 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 15:47:06 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/08 15:46:46 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/08 15:46:13 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/03 15:55:24 | 001,892,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_42.dll
[2010/06/03 15:42:34 | 001,498,960 | ---- | C] () -- C:\Windows\SysNative\msvcr100d.dll
[2010/06/03 15:42:30 | 000,761,152 | ---- | C] () -- C:\Windows\SysNative\msvcr100.dll
[2010/05/25 20:37:42 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/04/16 19:53:30 | 000,750,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/06/14 21:47:02 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/03/25 02:33:52 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009/03/25 02:33:52 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/06 21:13:10 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\gunz-mrb
[2010/07/26 21:24:52 | 000,000,000 | -H-D | M] -- C:\Users\home\AppData\Roaming\ijjigame
[2010/08/14 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\LimeWire
[2010/07/25 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\MusicNet
[2009/11/04 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Template
[2010/08/15 22:22:11 | 000,028,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Edited by Rewster, 16 August 2010 - 07:53 PM.


#12 Rewster

  • Topic Starter

Posted 16 August 2010 - 09:05 PM

Firefox still has the Fast Browser Search on it. It will hijack entries into the search bar, even if they are full website links.

#13 thcbytes

  • Malware Response Team

Posted 16 August 2010 - 09:36 PM

Let's continue..


We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL

    IE - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files (x86)\SGPSA\mtwb3sh.dll (TODO: <Company name>)
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..network.proxy.backup.ftp: "66.160.144.212"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.gopher: "66.160.144.212"
    FF - prefs.js..network.proxy.backup.gopher_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "66.160.144.212"
    FF - prefs.js..network.proxy.backup.socks_port: 8080
    FF - prefs.js..network.proxy.backup.ssl: "66.160.144.212"
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "66.160.144.212"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "66.160.144.212"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "66.160.144.212"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "66.160.144.212"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "66.160.144.212"
    FF - prefs.js..network.proxy.ssl_port: 8080
    [2010/01/18 16:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
    [2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\BearShareWebSearch.xml
    [2010/02/23 19:26:24 | 000,000,433 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\fast-browser-search.xml
    [2010/01/18 16:54:05 | 000,000,000 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\mywebsearch.xml
    [2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
    [2010/04/15 19:30:16 | 000,003,700 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.png
    [2010/04/15 19:30:15 | 000,001,962 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

    :Commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

How is it running now?

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 Rewster

  • Topic Starter

Posted 16 August 2010 - 09:59 PM

Fast browser search is still there. It is showing as my default search engine, and whenever I open a new tab.

All processes killed
========== OTL ==========
HKU\S-1-5-21-3543337436-1021955473-2105359954-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3543337436-1021955473-2105359954-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}\ deleted successfully.
C:\Program Files (x86)\SGPSA\mtwb3sh.dll moved successfully.
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Fast Browser Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "66.160.144.212" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "66.160.144.212" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "66.160.144.212" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "66.160.144.212" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "66.160.144.212" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "66.160.144.212" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "66.160.144.212" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "66.160.144.212" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "66.160.144.212" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} folder moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\fast-browser-search.xml moved successfully.
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\mrnquo48.default\searchplugins\mywebsearch.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.png moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fast.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: home
->Temp folder emptied: 883171 bytes
->Temporary Internet Files folder emptied: 7288539 bytes
->Java cache emptied: 120046 bytes
->FireFox cache emptied: 83999168 bytes
->Google Chrome cache emptied: 5106587 bytes
->Flash cache emptied: 1083 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 93.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08162010_215146

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\BEEB.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\F93B.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET9CCB.tmp not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF5HFCGV\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZ6D7PE7\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BF0UKR84\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H54790K\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by Rewster, 16 August 2010 - 10:00 PM.
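
Added example, not part of the thread and not OTL's own code: a read-only Python check that parses a Firefox prefs.js and reports the kinds of entries the OTL fix above removed (proxy hosts, search-engine names, values that reference the search hijacker's domain), and shows whether a proxy entry is actually in effect. The sample file, the trusted-engine list, the watch term and the `network.proxy.type` and homepage lines are constructed assumptions; the proxy and search values are the ones quoted in this thread.

```python
import json
import re

# Constructed sample prefs.js. The proxy and search values are the ones listed in
# the OTL fix in this thread; network.proxy.type and the homepage line are
# assumptions added so the sample is complete.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Fast Browser Search");
user_pref("browser.search.defaulturl", "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=");
user_pref("browser.search.selectedEngine", "Fast Browser Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.http", "66.160.144.212");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "66.160.144.212");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.type", 0);
'''

# One user_pref("name", value); call per line.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.*?)\s*\)\s*;\s*$')
# Proxy host prefs, including the network.proxy.backup.* saved copies.
PROXY_HOST = re.compile(r'^network\.proxy\.(backup\.)?(ftp|gopher|http|socks|ssl)$')
# Prefs that name a search engine.
ENGINE_PREF = re.compile(r'^browser\.search\.(defaultenginename|selectedEngine|order\.\d+)$')


def parse_prefs(text):
    """Return {pref_name: value}; values that are not valid literals stay raw strings."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.group(1), m.group(2)
        try:
            prefs[name] = json.loads(raw)  # strings, integers and booleans
        except ValueError:
            prefs[name] = raw
    return prefs


def audit(prefs, trusted_engines, watch_terms):
    """Return a sorted list of (pref, reason) findings. Nothing is modified."""
    findings = []
    manual = prefs.get("network.proxy.type") == 1  # 1 = manual proxy configuration
    for name, value in prefs.items():
        if not isinstance(value, str) or not value:
            continue  # ports and booleans are reported with their host pref
        m = PROXY_HOST.match(name)
        if m:
            port = prefs.get(name + "_port", "?")
            if m.group(1):
                state = "backup copy"
            elif manual:
                state = "ACTIVE"
            else:
                state = "dormant (network.proxy.type is not 1)"
            findings.append((name, "proxy %s:%s, %s" % (value, port, state)))
        if ENGINE_PREF.match(name) and value not in trusted_engines:
            findings.append((name, "search engine not in trusted list: %s" % value))
        for term in watch_terms:
            if term.lower() in value.lower():
                findings.append((name, "value references watched term: %s" % term))
    return sorted(findings)


if __name__ == "__main__":
    sample = parse_prefs(SAMPLE_PREFS_JS)
    for pref, reason in audit(sample, {"Google"}, ["fastbrowsersearch"]):
        print("%-40s %s" % (pref, reason))
```

Run it against a copy of the profile's prefs.js with Firefox closed; any pref still reported after a cleanup pass is a leftover worth a closer look.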


#15 thcbytes

  • Malware Response Team

Posted 17 August 2010 - 06:40 AM

Tough little bugger.

It is going to take 2 posts to get the job done. Need some more info though.

First...

Please download RegQuery by Noviciate to your Desktop.

* Double click: RegQuery.exe to run the program.
* Copy the following registry keypath by highlighting the text in the code box and pressing CTRL+C (Do NOT copy the word: CODE)

CODE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs


* Paste the text you have copied into the textbox using CTRL+V.
* Click the Query button.
* A Notepad file will open.
* Please post the contents in your next reply
* Close RegQuery

==========

Next...
  1. Steps 2 and 3 are for Firefox Users. Internet Explorer Users will need to skip ahead to step 4.
  2. Click on the "Tools" menu at the top of the screen, and then select "Add-ons".
  3. This will bring up the screen where all the plug-ins and toolbars are installed for your browser. This is also where you should be able to find "Fast Browser Search". When you locate it, just click on it, then click the "Uninstall" button that appears. This will allow you to remove the plugin easily and without any hassle.
  4. If you are running Internet Explorer, you can remove this web toolbar by clicking on the small "down arrow" button which is part of the main search button for the toolbar.
  5. Click on the "help" option.
  6. After that, you need to click on "Uninstall" and then follow the on-screen instructions.
  7. Click on the start button in the lower left-hand corner of your computer screen.
  8. Click "Control Panel", then select the "Add or Remove Programs" option.
  9. From the program list find Fast Browser search protection & Fast Browser Search program and uninstall program.


==========



Right click and delete OTL from your desktop.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

After I get the logs I will post the next step to hopefully nuke it for good.
