Google Redirecting to Ad Sites


  • This topic is locked
12 replies to this topic

#1 Lushy

Lushy

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 03 September 2010 - 02:39 PM

As said, I got the bug everyone seems to have and no one can shake. Here are my DDS log and HijackThis log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by LordLutz at 14:31:02.41 on Fri 09/03/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.7166.4350 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LordLutz\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files (x86)\winamp toolbar\winamptb.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office12\GRA8E1~1.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files (x86)\winamp toolbar\winamptb.dll
uRun: [Google Update] "c:\users\lordlutz\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [PlayNC Launcher]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\users\lordlutz\desktop\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\lordlutz\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~1\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office12\GRA8E1~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 27648]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-4-16 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-4-16 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-16 81072]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\daodb\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-16 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 22408]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-4-20 89920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe --> c:\program files (x86)\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2010-5-3 30192]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\drivers\Rtnic64.sys [2010-4-16 52736]

=============== Created Last 30 ================

2010-09-01 05:44:30 0 d-----w- c:\windows\Legendary Champions
2010-09-01 04:37:04 0 d-----w- c:\program files (x86)\common files\Akamai
2010-08-28 22:30:26 5174 ----a-w- c:\windows\syswow64\nppt9x.vxd
2010-08-28 22:30:26 4682 ----a-w- c:\windows\syswow64\npptNT2.sys
2010-08-28 22:06:48 0 d-----w- C:\Ntreev USA
2010-08-12 18:28:11 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 18:28:10 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 18:28:10 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 18:28:08 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 18:28:06 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 18:28:06 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-05 19:46:12 0 d-----w- c:\program files\Ventrilo
2010-08-05 19:46:11 262 ----a-w- c:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

==================== Find3M ====================

2010-08-30 13:07:24 62101 ----a-w- c:\programdata\nvModes.dat
2010-08-23 05:38:44 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-23 05:38:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-23 05:38:43 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-18 02:59:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2010-07-18 02:59:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2010-07-09 19:04:40 41872 ----a-w- c:\windows\syswow64\xfcodec.dll
2010-07-09 19:04:40 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2010-06-29 16:03:43 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-06-29 15:47:12 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-29 15:46:59 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-29 15:44:16 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-29 15:44:15 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-29 15:43:04 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-29 15:43:04 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-29 15:43:00 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-11 16:39:28 343040 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:38:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 18:00:36 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-15 04:57:55 322352 ----a-w- c:\program files\uTorrent.exe
2010-04-24 01:31:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-17 03:07:08 22 ----a-w- c:\program files\zipnew.dat
2010-04-17 03:07:07 20 ----a-w- c:\program files\rarnew.dat
2010-03-15 16:29:05 639 ----a-w- c:\program files\Uninstall.lst
2010-03-15 16:28:36 256368 ----a-w- c:\program files\WinRAR.chm
2010-03-15 16:28:32 120832 ----a-w- c:\program files\Uninstall.exe
2010-03-15 16:28:25 52224 ----a-w- c:\program files\RarExt64.dll
2010-03-15 16:28:23 45056 ----a-w- c:\program files\RarExtLoader.exe
2010-03-15 16:28:22 141824 ----a-w- c:\program files\RarExt.dll
2010-03-15 16:28:03 74240 ----a-w- c:\program files\Zip.SFX
2010-03-15 16:28:02 92672 ----a-w- c:\program files\Default.SFX
2010-03-15 16:27:00 69632 ----a-w- c:\program files\WinCon.SFX
2010-03-15 16:26:53 378880 ----a-w- c:\program files\Rar.exe
2010-03-15 16:26:53 246272 ----a-w- c:\program files\UnRAR.exe
2010-03-15 16:26:37 1039360 ----a-w- c:\program files\WinRAR.exe
2010-03-11 22:59:10 9232 ----a-w- c:\program files\TechNote.txt
2010-03-11 22:59:10 76080 ----a-w- c:\program files\Rar.txt
2010-03-11 22:59:10 495 ----a-w- c:\program files\File_Id.diz
2010-03-11 22:58:43 19551 ----a-w- c:\program files\WhatsNew.txt
2009-03-06 05:53:53 1495 ----a-w- c:\program files\ReadMe.txt
2009-01-08 16:07:21 6806 ----a-w- c:\program files\License.txt
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-10-22 15:21:24 3271 ----a-w- c:\program files\Order.htm
2006-09-19 01:13:58 1063 ----a-w- c:\program files\Descript.ion
2006-04-11 16:01:02 1088 ----a-w- c:\program files\RarFiles.lst
2005-05-12 22:02:30 90 ----a-w- c:\program files\UnrarSrc.txt

============= FINISH: 14:32:06.11 ===============

Hijack:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:18 PM, on 9/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\LordLutz\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\LordLutz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10298 bytes
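Added example, not part of the thread and not code from HijackThis or DDS: a small Python triage script for logs in the shape posted above. It parses the R0/R1 browser-setting lines and the Onn lines and applies a few defender heuristics that are my assumptions rather than anything the thread states: Hosts entries other than a loopback-to-localhost mapping, AppInit_DLLs, unnamed BHOs, Run entries or BHOs launched from a user-writable Temp directory, and browser start/search pages pointing anywhere other than a short allowlist of vendor defaults are marked for review. Services reported as "(file missing)" under System32 are marked only "verify": the 32-bit HijackThis build is subject to WOW64 file-system redirection on a 64-bit system, so native System32 binaries such as lsass.exe or spoolsv.exe show as missing, exactly as they do in the log above. The sample lines mix entries copied from the log above with constructed ones (the redirect host, the unnamed BHO and the Temp-path entries are made up).

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Line shapes handled, as they appear in a HijackThis 2.x log:
#   O2 - BHO: Name - {CLSID} - C:\path\file.dll
#   O23 - Service: Name (Short) - Owner - C:\path\file.exe (file missing)
#   R1 - HKLM\Software\...\Main,Start Page = http://...
O_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
R_LINE = re.compile(r"^(R[01]) - (.+?),([^,=]+?) =\s*(.*)$")

# Assumptions behind the heuristics (not from the thread): browser defaults
# treated as benign, and directories an ordinary user can write to.
BENIGN_URL_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")
NATIVE_SYSTEM_DIRS = ("\\windows\\system32\\",)


@dataclass
class Finding:
    section: str   # O1, O4, O23, R0 ...
    kind: str      # Hosts, BHO, Service, Start Page ...
    detail: str    # the rest of the line
    verdict: str   # "ok", "verify" (likely tool artefact) or "review"
    reason: str


def classify(line: str):
    """Return a Finding for one log line, or None for lines of other shapes."""
    m = O_LINE.match(line)
    if m:
        section, kind, detail = m.groups()
        low = detail.lower()
        if section == "O1":
            # Hosts file: only a loopback -> localhost mapping is expected.
            parts = detail.split()
            if len(parts) == 2 and parts[1].lower() == "localhost":
                return Finding(section, kind, detail, "ok", "loopback localhost mapping")
            return Finding(section, kind, detail, "review", "Hosts entry redirects a hostname")
        if section == "O20":
            # AppInit_DLLs are loaded into every process that links user32.dll.
            return Finding(section, kind, detail, "review", "AppInit_DLLs entry; confirm the DLL belongs to a known product")
        if section == "O23" and "(file missing)" in low:
            if any(d in low for d in NATIVE_SYSTEM_DIRS):
                # 32-bit HijackThis on x64 is redirected to SysWOW64, so native
                # System32 binaries show as missing; confirm by hand, not malware per se.
                return Finding(section, kind, detail, "verify", "System32 binary reported missing (WOW64 redirection artefact)")
            return Finding(section, kind, detail, "review", "service binary missing")
        if section == "O2" and low.startswith("(no name)"):
            return Finding(section, kind, detail, "review", "BHO without a name")
        if section in ("O2", "O3", "O4") and any(d in low for d in USER_WRITABLE_DIRS):
            return Finding(section, kind, detail, "review", "component runs from a user-writable temp path")
        return Finding(section, kind, detail, "ok", "")
    m = R_LINE.match(line)
    if m:
        section, _hive, name, value = m.groups()
        if not value.lower().startswith("http"):
            return Finding(section, name, value, "ok", "empty or non-URL value")
        host = urlparse(value).hostname or ""
        if host in BENIGN_URL_HOSTS:
            return Finding(section, name, value, "ok", "")
        return Finding(section, name, value, "review", f"browser setting points at {host}")
    return None


def triage(log_text: str) -> list:
    """Classify every recognised line of a HijackThis log, in file order."""
    findings = []
    for raw in log_text.splitlines():
        f = classify(raw.strip())
        if f is not None:
            findings.append(f)
    return findings


def summary(findings) -> dict:
    """Count findings per verdict."""
    counts = {"ok": 0, "verify": 0, "review": 0}
    for f in findings:
        counts[f.verdict] += 1
    return counts


# Constructed sample: some lines are copied from the log in the thread; the
# redirect host, the unnamed BHO and the Temp-path entries are made up.
SAMPLE_LOG = "\n".join([
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example-redirect.test/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 127.0.0.1 www.spywareinfo.com",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Users\user\AppData\Local\Temp\helper.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\upd.exe",
    r"O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL",
    r"O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.verdict != "ok":
            print(f"[{f.verdict:6}] {f.section} {f.kind}: {f.detail}  <- {f.reason}")
    print(summary(triage(SAMPLE_LOG)))
```

The heuristics are deliberately coarse: a "review" verdict means a human should look the entry up (vendor, signer, file on disk), not that the entry is malicious, and "ok" only means none of the cheap checks fired. Run on the log above, the Hosts override and the AppInit_DLLs entry are the lines worth looking at, while the long run of "(file missing)" services is the WOW64 artefact.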


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:06 PM

Posted 04 September 2010 - 03:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


GMER is the best, but it can be hard to get a log; let's try this and see what we get.

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Lushy

Lushy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 06 September 2010 - 04:23 AM

Unable to run Rootkit Unhooker: getting the error message

Error loading driver, NTSTATUS code: 0xC000036B

Tried about 10 times already.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:06 PM

Posted 06 September 2010 - 04:31 AM

Hello,

Yeah, I missed that this is a 64-bit system; RKUnhooker doesn't work on 64-bit.

Vista and Win 7 users: please right-click and Run as Administrator all programs that I ask you to run.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box, paste this in:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
      %PROGRAMFILES%\PC-Doctor\Downloads\*.*
      %PROGRAMFILES%\Internet Explorer\*.tmp
      %PROGRAMFILES%\Internet Explorer\*.dat
      %USERPROFILE%\My Documents\*.exe
      %USERPROFILE%\*.exe
      %systemroot%\ADDINS\*.*
      %systemroot%\assembly\*.bak2
      %systemroot%\Config\*.*
      %systemroot%\REPAIR\*.bak2
      %systemroot%\SECURITY\Database\*.sdb /x
      %systemroot%\SYSTEM\*.bak2
      %systemroot%\Web\*.bak2
      %systemroot%\Driver Cache\*.*
      %PROGRAMFILES%\Mozilla Firefox\0*.exe
      %ProgramFiles%\Microsoft Common\*.*
      %ProgramFiles%\TinyProxy.
      %USERPROFILE%\Favorites\*.url /x
      %systemroot%\system32\*.bk
      %systemroot%\*.te
      %systemroot%\system32\system32\*.*
      %ALLUSERSPROFILE%\*.dat /x
      %systemroot%\system32\drivers\*.rmv
      dir /b "%systemroot%\system32\*.exe" | find /i " " /c
      dir /b "%systemroot%\*.exe" | find /i " " /c
      %PROGRAMFILES%\Microsoft\*.*
      %systemroot%\System32\Wbem\proquota.exe
      %PROGRAMFILES%\Mozilla Firefox\*.dat
      %USERPROFILE%\Cookies\*.txt /x
      %SystemRoot%\system32\fonts\*.*
      %systemroot%\system32\winlog\*.*
      %systemroot%\system32\Language\*.*
      %systemroot%\system32\Settings\*.*
      %systemroot%\system32\*.quo
      %SYSTEMROOT%\AppPatch\*.exe
      %SYSTEMROOT%\inf\*.exe
      %SYSTEMROOT%\Installer\*.exe
      %USERPROFILE%\Templates\*.*
      %systemroot%\system32\config\*.bak2
      %systemroot%\system32\Computers\*.*
      %SystemRoot%\system32\Sound\*.*
      %SystemRoot%\system32\SpecialImg\*.*
      %SystemRoot%\system32\code\*.*
      %SystemRoot%\system32\draft\*.*
      %SystemRoot%\system32\MSSSys\*.*
      %ProgramFiles%\Javascript\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,

"Information and logs"
    In your next post I need the following:
    1. Log from MBAM
    2. The two logs from OTL
    3. Let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Lushy

Lushy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:06 PM

Posted 06 September 2010 - 01:18 PM

M-BAM:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9/6/2010 5:39:08 AM
mbam-log-2010-09-06 (05-39-08).txt

Scan type: Quick scan
Objects scanned: 120529
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL:

OTL logfile created on: 9/6/2010 5:55:56 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\LordLutz\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
14.00 Gb Paging File | 12.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.05 Gb Total Space | 174.78 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 479.74 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 8.94 Gb Free Space | 89.45% Space Free | Partition Type: NTFS
Drive F: | 182.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEONYSTUDIOS
Current User Name: LordLutz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 05:40:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\LordLutz\Downloads\OTL.exe
PRC - [2010/08/23 00:00:00 | 002,068,832 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2010/08/17 20:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/02 22:44:22 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/19 20:39:13 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/22 11:19:41 | 000,224,936 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/07/15 07:39:31 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/06 05:40:01 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\LordLutz\Downloads\OTL.exe
MOD - [2008/01/20 21:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/11 02:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 02:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:49:28 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/31 23:37:08 | 002,854,488 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/rswin_3746.dll -- (Akamai)
SRV - [2010/07/02 22:44:22 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/19 20:39:13 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2010/05/01 12:51:21 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/10/29 16:29:56 | 000,052,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/20 21:46:34 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006/10/02 21:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/08/28 17:30:30 | 000,141,612 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/05/26 18:03:42 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\Mozilla\Extensions
[2010/05/26 18:03:42 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/08/30 21:02:50 | 000,416,917 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14391 more lines...
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\LordLutz\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\LordLutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LordLutz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\LordLutz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/19 08:32:38 | 000,000,046 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\setup.exe -- [2009/05/12 06:43:59 | 000,124,168 | R--- | M] (Logitech, Inc.)
O33 - MountPoints2\{6dc94675-554a-11df-92ee-00173fd0de24}\Shell - "" = AutoRun
O33 - MountPoints2\{6dc94675-554a-11df-92ee-00173fd0de24}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/04 03:17:09 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Roaming\PFStaticIP
[2010/09/04 03:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFStaticIP
[2010/09/03 16:50:23 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\Documents\My Games
[2010/09/03 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/03 14:16:12 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\Desktop\Malwarebytes' Anti-Malware
[2010/09/01 00:44:30 | 000,000,000 | ---D | C] -- C:\Windows\Legendary Champions
[2010/08/31 23:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/08/28 17:30:26 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2010/08/28 17:06:48 | 000,000,000 | ---D | C] -- C:\Ntreev USA
[2010/08/05 14:47:02 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Roaming\Ventrilo
[2010/08/05 14:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/07/23 15:30:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/21 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Roaming\Apple Computer
[2010/07/21 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Local\Apple Computer
[2010/07/21 11:34:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/07/21 11:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/21 11:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/21 11:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/21 11:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/21 11:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/07/21 11:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/07/21 11:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/07/21 11:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/21 11:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/21 11:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/07/17 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Local\Logitech
[2010/07/17 21:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/07/17 21:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/07/17 21:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/07/16 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\Documents\StarCraft II Beta
[2010/07/16 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Local\Blizzard Entertainment
[2010/07/16 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/07/03 23:09:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/03 23:05:04 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\LordLutz\Desktop\TFC.exe
[2010/07/01 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment.temp
[2010/07/01 11:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/07/01 11:13:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/06/30 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Roaming\Malwarebytes
[2010/06/30 18:16:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/30 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/30 18:16:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/30 18:16:01 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\Desktop\explore
[2010/06/29 21:40:00 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\Documents\My Aion
[2010/06/28 20:28:23 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\oni
[2010/06/27 22:04:54 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Roaming\GetRightToGo
[2010/06/27 00:18:31 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Local\assembly
[2010/06/27 00:01:59 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Roaming\Xfire
[2010/06/27 00:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010/06/27 00:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2010/06/26 23:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft
[2010/06/26 23:50:39 | 000,000,000 | -HSD | C] -- C:\Users\LordLutz\AppData\Roaming\.#
[2010/06/26 23:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010/06/26 19:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/06/20 04:45:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/17 21:57:34 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Local\Winamp Toolbar
[2010/06/17 21:57:29 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/06/17 21:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/17 21:54:31 | 000,000,000 | ---D | C] -- C:\Users\LordLutz\AppData\Local\Apple
[2010/06/17 21:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/15 21:52:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010/06/10 19:36:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/04/16 19:24:15 | 000,322,352 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe

========== Files - Modified Within 90 Days ==========

[2010/09/06 05:57:47 | 006,029,312 | -HS- | M] () -- C:\Users\LordLutz\NTUSER.DAT
[2010/09/06 05:10:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885791132-4088077689-137676379-1000UA.job
[2010/09/06 04:24:12 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/06 04:06:29 | 000,004,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 04:06:29 | 000,004,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 13:17:29 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885791132-4088077689-137676379-1000Core.job
[2010/09/04 23:31:08 | 000,062,101 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/04 03:16:57 | 000,000,872 | ---- | M] () -- C:\Users\LordLutz\Desktop\Portforward Setup Static IP Address.lnk
[2010/09/03 16:50:12 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\FINAL FANTASY XIV Beta Version.lnk
[2010/09/03 14:39:00 | 000,002,959 | ---- | M] () -- C:\Users\LordLutz\Desktop\HiJackThis.lnk
[2010/09/01 20:26:04 | 000,035,900 | ---- | M] () -- C:\Users\LordLutz\Desktop\tumblr_l56apsgQUE1qam45eo1_400.jpg
[2010/09/01 00:49:08 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\Play Legendary Champions.lnk
[2010/08/30 21:02:50 | 000,416,917 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/30 08:13:03 | 000,760,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/30 08:13:03 | 000,645,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/30 08:13:03 | 000,119,690 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/30 08:07:24 | 000,062,101 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/30 08:06:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/30 08:06:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/30 00:58:00 | 000,524,288 | -HS- | M] () -- C:\Users\LordLutz\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/08/30 00:58:00 | 000,065,536 | -HS- | M] () -- C:\Users\LordLutz\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/08/30 00:45:15 | 002,964,956 | -H-- | M] () -- C:\Users\LordLutz\AppData\Local\IconCache.db
[2010/08/29 19:09:15 | 000,110,080 | ---- | M] () -- C:\Users\LordLutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 17:30:30 | 000,141,612 | ---- | M] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/08/28 17:12:36 | 000,000,745 | ---- | M] () -- C:\Users\LordLutz\Desktop\Trickster Online.lnk
[2010/08/28 05:36:20 | 001,094,386 | ---- | M] () -- C:\Users\LordLutz\Desktop\Digital Romance leads to Digital Drama.docx
[2010/08/22 10:01:43 | 551,082,697 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/21 13:46:40 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 16:11:07 | 000,002,059 | ---- | M] () -- C:\Users\LordLutz\Desktop\Google Chrome.lnk
[2010/08/20 16:11:07 | 000,002,021 | ---- | M] () -- C:\Users\LordLutz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/20 13:41:02 | 000,038,400 | ---- | M] () -- C:\Users\LordLutz\Desktop\Megan2010.doc
[2010/08/13 05:08:35 | 000,374,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 20:01:08 | 019,461,015 | ---- | M] () -- C:\Users\LordLutz\Documents\vlc-1.1.2-win32.exe
[2010/08/05 14:46:13 | 000,000,754 | ---- | M] () -- C:\Users\LordLutz\Desktop\Ventrilo.lnk
[2010/08/05 14:46:13 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/08/05 10:25:19 | 000,000,680 | ---- | M] () -- C:\Users\LordLutz\AppData\Local\d3d9caps.dat
[2010/07/31 16:24:27 | 000,363,520 | ---- | M] () -- C:\Users\LordLutz\Desktop\rkill.com
[2010/07/24 01:16:34 | 019,473,201 | ---- | M] () -- C:\Users\LordLutz\Documents\vlc-1.1.1-win32.exe
[2010/07/23 15:38:28 | 000,000,821 | ---- | M] () -- C:\Users\LordLutz\Desktop\SoulMaster.lnk
[2010/07/22 14:19:10 | 000,412,119 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100830-210250.backup
[2010/07/21 11:34:18 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/21 11:33:21 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/07/20 15:28:15 | 000,000,570 | ---- | M] () -- C:\Users\LordLutz\Desktop\ Mabinogi .lnk
[2010/07/17 21:59:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/07/17 21:59:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/07/15 11:34:55 | 000,412,119 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100722-141909.backup
[2010/07/09 14:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 14:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/07/08 02:08:19 | 000,411,423 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100715-113455.backup
[2010/07/03 23:05:31 | 000,867,892 | ---- | M] () -- C:\Users\LordLutz\Desktop\SecurityCheck.exe
[2010/07/03 23:05:05 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\LordLutz\Desktop\TFC.exe
[2010/06/29 00:25:29 | 000,044,719 | ---- | M] () -- C:\Users\LordLutz\Desktop\albelnox.png
[2010/06/29 00:16:34 | 000,018,604 | ---- | M] () -- C:\Users\LordLutz\Desktop\ginmayoyaoismaller.jpg
[2010/06/28 23:38:15 | 000,114,176 | ---- | M] () -- C:\Users\LordLutz\Desktop\mmowriter.doc
[2010/06/28 20:27:53 | 000,000,490 | ---- | M] () -- C:\Users\Public\Desktop\CosmicBreak_eng.lnk
[2010/06/27 22:33:05 | 000,000,665 | ---- | M] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2010/06/26 23:58:34 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk

========== Files Created - No Company Name ==========

[2010/09/06 04:18:10 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/04 03:16:57 | 000,000,872 | ---- | C] () -- C:\Users\LordLutz\Desktop\Portforward Setup Static IP Address.lnk
[2010/09/03 16:50:12 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\FINAL FANTASY XIV Beta Version.lnk
[2010/09/03 14:38:33 | 000,002,959 | ---- | C] () -- C:\Users\LordLutz\Desktop\HiJackThis.lnk
[2010/09/01 20:26:04 | 000,035,900 | ---- | C] () -- C:\Users\LordLutz\Desktop\tumblr_l56apsgQUE1qam45eo1_400.jpg
[2010/09/01 00:49:08 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\Play Legendary Champions.lnk
[2010/08/31 23:38:00 | 000,431,886 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_vcredistMSI1231.txt
[2010/08/31 23:38:00 | 000,011,410 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_vcredistUI1231.txt
[2010/08/28 17:30:30 | 000,141,612 | ---- | C] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2010/08/28 17:30:26 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2010/08/28 17:12:36 | 000,000,745 | ---- | C] () -- C:\Users\LordLutz\Desktop\Trickster Online.lnk
[2010/08/28 00:59:06 | 001,094,386 | ---- | C] () -- C:\Users\LordLutz\Desktop\Digital Romance leads to Digital Drama.docx
[2010/08/10 19:58:08 | 019,461,015 | ---- | C] () -- C:\Users\LordLutz\Documents\vlc-1.1.2-win32.exe
[2010/08/05 14:46:13 | 000,000,754 | ---- | C] () -- C:\Users\LordLutz\Desktop\Ventrilo.lnk
[2010/08/05 14:46:11 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/31 16:24:26 | 000,363,520 | ---- | C] () -- C:\Users\LordLutz\Desktop\rkill.com
[2010/07/24 01:16:25 | 019,473,201 | ---- | C] () -- C:\Users\LordLutz\Documents\vlc-1.1.1-win32.exe
[2010/07/24 00:06:24 | 240,290,038 | ---- | C] () -- C:\Users\LordLutz\Documents\Kangoku Senkan - 03.mkv
[2010/07/23 15:38:28 | 000,000,821 | ---- | C] () -- C:\Users\LordLutz\Desktop\SoulMaster.lnk
[2010/07/21 11:34:18 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/21 11:33:21 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/07/20 15:28:15 | 000,000,570 | ---- | C] () -- C:\Users\LordLutz\Desktop\ Mabinogi .lnk
[2010/07/17 21:59:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/07/17 21:59:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 14:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/07/03 23:05:30 | 000,867,892 | ---- | C] () -- C:\Users\LordLutz\Desktop\SecurityCheck.exe
[2010/07/03 22:43:04 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/29 00:25:29 | 000,044,719 | ---- | C] () -- C:\Users\LordLutz\Desktop\albelnox.png
[2010/06/29 00:16:34 | 000,018,604 | ---- | C] () -- C:\Users\LordLutz\Desktop\ginmayoyaoismaller.jpg
[2010/06/28 23:38:14 | 000,114,176 | ---- | C] () -- C:\Users\LordLutz\Desktop\mmowriter.doc
[2010/06/28 20:27:53 | 000,000,490 | ---- | C] () -- C:\Users\Public\Desktop\CosmicBreak_eng.lnk
[2010/06/27 22:33:05 | 000,000,665 | ---- | C] () -- C:\Users\Public\Desktop\Battle of the Immortals.lnk
[2010/06/26 23:58:34 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2010/06/20 04:45:12 | 551,082,697 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/03 08:43:25 | 000,774,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/24 17:11:25 | 000,110,080 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 22:24:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/04/20 22:23:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/04/16 23:22:42 | 000,062,101 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/16 23:22:42 | 000,062,101 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/16 22:16:11 | 001,880,672 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_NET_Framework35_x64_MSI035A.txt
[2010/04/16 22:15:16 | 000,199,947 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010/04/16 22:15:13 | 000,210,092 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_dotnetfx35install.txt
[2010/04/16 22:15:13 | 000,002,586 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\uxeventlog.txt
[2010/04/16 22:15:13 | 000,000,002 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_dotnetfx35error.txt
[2010/04/16 22:07:08 | 000,000,022 | ---- | C] () -- C:\Program Files\zipnew.dat
[2010/04/16 22:07:07 | 000,000,020 | ---- | C] () -- C:\Program Files\rarnew.dat
[2010/04/16 22:07:05 | 001,039,360 | ---- | C] () -- C:\Program Files\WinRAR.exe
[2010/04/16 22:07:05 | 000,378,880 | ---- | C] () -- C:\Program Files\Rar.exe
[2010/04/16 22:07:05 | 000,256,368 | ---- | C] () -- C:\Program Files\WinRAR.chm
[2010/04/16 22:07:05 | 000,246,272 | ---- | C] () -- C:\Program Files\UnRAR.exe
[2010/04/16 22:07:05 | 000,141,824 | ---- | C] () -- C:\Program Files\RarExt.dll
[2010/04/16 22:07:05 | 000,120,832 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2010/04/16 22:07:05 | 000,092,672 | ---- | C] () -- C:\Program Files\Default.SFX
[2010/04/16 22:07:05 | 000,074,240 | ---- | C] () -- C:\Program Files\Zip.SFX
[2010/04/16 22:07:05 | 000,069,632 | ---- | C] () -- C:\Program Files\WinCon.SFX
[2010/04/16 22:07:05 | 000,052,224 | ---- | C] () -- C:\Program Files\RarExt64.dll
[2010/04/16 22:07:05 | 000,045,056 | ---- | C] () -- C:\Program Files\RarExtLoader.exe
[2010/04/16 22:07:05 | 000,019,551 | ---- | C] () -- C:\Program Files\WhatsNew.txt
[2010/04/16 22:07:05 | 000,009,232 | ---- | C] () -- C:\Program Files\TechNote.txt
[2010/04/16 22:07:05 | 000,003,271 | ---- | C] () -- C:\Program Files\Order.htm
[2010/04/16 22:07:05 | 000,001,495 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2010/04/16 22:07:05 | 000,001,088 | ---- | C] () -- C:\Program Files\RarFiles.lst
[2010/04/16 22:07:05 | 000,000,639 | ---- | C] () -- C:\Program Files\Uninstall.lst
[2010/04/16 22:07:05 | 000,000,090 | ---- | C] () -- C:\Program Files\UnrarSrc.txt
[2010/04/16 22:07:04 | 000,076,080 | ---- | C] () -- C:\Program Files\Rar.txt
[2010/04/16 22:07:04 | 000,006,806 | ---- | C] () -- C:\Program Files\License.txt
[2010/04/16 22:07:04 | 000,001,063 | ---- | C] () -- C:\Program Files\Descript.ion
[2010/04/16 22:07:04 | 000,000,495 | ---- | C] () -- C:\Program Files\File_Id.diz
[2010/04/16 19:00:45 | 000,431,066 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_vcredistMSI6DC6.txt
[2010/04/16 19:00:45 | 000,011,664 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\dd_vcredistUI6DC6.txt
[2010/04/16 18:57:14 | 000,000,680 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\d3d9caps.dat
[2010/04/16 15:45:02 | 000,029,216 | ---- | C] () -- C:\Users\LordLutz\AppData\Roaming\UserTile.png
[2010/04/16 15:35:02 | 000,000,732 | ---- | C] () -- C:\Users\LordLutz\AppData\Local\d3d9caps64.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/06/26 23:50:48 | 000,000,000 | -HSD | M] -- C:\Users\LordLutz\AppData\Roaming\.#
[2010/05/01 19:17:58 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\DAEMON Tools Lite
[2010/06/27 22:14:10 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\GetRightToGo
[2010/08/30 08:08:19 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\LimeWire
[2010/04/16 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\PeerNetworking
[2010/09/04 03:21:05 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\PFStaticIP
[2010/05/23 01:12:56 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\Smith Micro
[2010/04/16 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\Trillian
[2010/07/29 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\LordLutz\AppData\Roaming\uTorrent
[2010/08/30 00:57:40 | 000,024,236 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/04/16 18:12:01 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/06/24 13:11:04 | 000,004,957 | RH-- | M] () -- C:\dell.sdr
[2010/04/16 14:40:37 | 3486,007,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 02:57:01 | 000,007,955 | ---- | M] () -- C:\ijjiFFPlugin.log
[2010/02/19 16:54:48 | 000,000,193 | ---- | M] () -- C:\Install.log
[2009/04/14 18:20:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/18 22:18:36 | 000,197,442 | ---- | M] () -- C:\MGlogs.zip
[2009/04/14 18:20:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/17 13:16:48 | 000,000,000 | ---- | M] () -- C:\NdoorsLog.txt
[2010/08/30 08:06:41 | 3533,246,463 | -HS- | M] () -- C:\pagefile.sys
[2010/02/20 06:50:32 | 000,002,864 | ---- | M] () -- C:\RHDSetup.log
[2010/09/06 05:54:25 | 000,000,358 | ---- | M] () -- C:\rkill.log
[2010/04/16 11:41:16 | 000,000,144 | ---- | M] () -- C:\service.log
[2008/06/25 06:34:06 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\Fonts\*.com >
[2006/11/02 10:05:44 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:05:44 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:05:44 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/04/22 08:05:43 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:14 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/23 20:40:11 | 000,000,221 | -HS- | M] () -- C:\Users\LordLutz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/04/16 19:44:29 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Users\LordLutz\Desktop\HijackThis.exe
[2010/07/03 23:05:31 | 000,867,892 | ---- | M] () -- C:\Users\LordLutz\Desktop\SecurityCheck.exe
[2010/07/03 23:05:05 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\LordLutz\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2006/11/02 10:03:11 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/04/23 20:39:06 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/04/23 20:38:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/04/23 20:38:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/04/23 20:38:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/04/23 20:38:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/04/23 20:38:36 | 001,056,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/04/16 15:35:28 | 000,000,402 | -HS- | M] () -- C:\Users\LordLutz\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/04 23:31:08 | 000,062,101 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %USERPROFILE%\Templates\*.* >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >


OTL Extras logfile created on: 9/6/2010 5:55:56 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\LordLutz\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
14.00 Gb Paging File | 12.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.05 Gb Total Space | 174.78 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 479.74 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 8.94 Gb Free Space | 89.45% Space Free | Partition Type: NTFS
Drive F: | 182.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEONYSTUDIOS
Current User Name: LordLutz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\LordLutz\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = CD 0D 41 AD 4E E3 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049E9BD2-65B7-4494-8888-5E31D884A89E}" = rport=139 | protocol=6 | dir=out | app=system |
"{114667E6-7843-46DA-9C79-DEBE98FD2304}" = lport=56977 | protocol=17 | dir=in | name=pando media booster |
"{148F221A-D41A-4A61-ACB2-A8D923E6B557}" = lport=445 | protocol=6 | dir=in | app=system |
"{15D47DB6-574E-43AF-8D65-233B76A25842}" = lport=80 | protocol=17 | dir=in | name=ffxiii |
"{1C6B45B0-C190-4E50-A929-9FAB676E0DDE}" = rport=445 | protocol=6 | dir=out | app=system |
"{1FE41C0B-0527-4EB8-AFB7-34ECE709B05B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{22B84290-44C3-4036-893B-AF2932FD0784}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2429C816-B334-400B-A467-99AA71ED8D01}" = rport=138 | protocol=17 | dir=out | app=system |
"{24DD2CAC-B81E-42EF-AF48-CCAB56D48A19}" = rport=137 | protocol=17 | dir=out | app=system |
"{25EFDFD0-1460-406A-A93E-E13C2CD1E779}" = lport=56977 | protocol=6 | dir=in | name=pando media booster |
"{45D92DF6-FA61-4821-816C-FFED1297DBFB}" = lport=56977 | protocol=17 | dir=in | name=pando media booster |
"{4C74BB59-9E6E-41D5-AFBC-67CAACF65DEC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{52B6A766-1DF0-4CDA-8FBB-18F32074E49B}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{84CCDC62-787F-405D-8A68-E6C0DBA0C71F}" = lport=52186 | protocol=6 | dir=in | name=akamai netsession interface |
"{95B58DF6-BC55-44C0-8DBA-FB355B06826C}" = lport=137 | protocol=17 | dir=in | app=system |
"{98BB0B7C-FE14-4716-BDDD-34D927B20C56}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A742B4F2-A9E1-44ED-857D-6851532722FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9E88BB9-CD32-4BDC-88F3-3FE3948399FD}" = lport=139 | protocol=6 | dir=in | app=system |
"{BA3CEF5E-50FF-49EF-AF3D-7BB3E72759AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBB6347C-91EC-42F9-B955-745F52DAA436}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE47DF8F-D692-427B-AB72-4D231D1E0688}" = lport=56977 | protocol=6 | dir=in | name=pando media booster |
"{C22A4854-5B09-4A4D-807C-9C8BC23F9E9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CE0F8C3D-6B34-4D03-89A2-E2A172324115}" = lport=138 | protocol=17 | dir=in | app=system |
"{D8C7AE2B-39EE-45C5-B47C-7FBEF7C3F563}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D97C140C-DEB9-418B-B688-1DCAFEDAF5AE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FA1AAB0B-8040-429B-8BA3-87ACEAA4EB00}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FF45F33F-9282-4DB0-AC22-F48CAC548805}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01844558-128E-4626-B02E-ED5E60CC2C92}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0B321A97-1E0D-43A1-AF37-B4FA25C0C714}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{0D2A9824-64B5-4067-82CD-70E74770B36D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1209049D-7DBC-47C2-BF0D-30CF65B51374}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\lightmapper\eclipseray.exe |
"{13F1EE12-1EF4-491C-B856-60F497ECAE85}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{205963C3-95D5-488B-8F06-39AB4A5B815A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{23ACED65-7C69-48BF-9C65-217D59AF9A87}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\bin_ship\daupdatersvc.service.exe |
"{258F4934-3664-4B9F-885E-BD9A4209CB6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27D72824-C915-47D2-B7A5-B0CADCA0FBF3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2CB5D060-DD25-431A-BC63-E40EA2C752BD}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{39BF98DA-7491-43D0-8AB2-7EBDB839DD06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3CA8F4DC-E41A-48C6-8FE8-3B8385E61EFD}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\rpu.exe |
"{3D727448-04A5-4D8C-A82A-05AADE1E9CBB}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\daoriginslauncher.exe |
"{3DCDE764-30D3-44A1-97F9-1A71D0BC5353}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{455357E8-6FC4-457A-9514-B3050B228C8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47618B1F-C0DB-4DBE-BA95-00AB5F387E44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4CEDD5C6-C77E-4AB6-ABEC-844DB964F63E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4CFAB27D-70DB-4F4F-AF0E-9B410EC538C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4D53A287-930D-4F05-8F03-D45BF286EF40}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{4EAA4152-C2DC-4474-A2E5-518721CAEE74}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{51CF9AF9-BB27-4573-BBEE-4C1E134168ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{521DEA95-B754-4C7E-8D11-9D81B373F8E2}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{54DC783E-6A5F-415E-AF58-41AAB7A45371}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EB81364-B061-46A5-93CB-0DA229F26015}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{6014F1C1-1DFF-4A30-844D-09E049873E60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6454F5FC-12A3-4244-B2A9-51F37110DD73}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{667376FE-51B1-4423-95E2-B3385F49DAAD}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{68DF289D-9E80-40D4-8628-2BDABEBC97DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{69F795B9-B83F-4810-96A9-FE93FD656469}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D005003-45A5-4EF8-9FEF-8D3F0DF59FC5}" = protocol=6 | dir=in | app=c:\program files\utorrent.exe |
"{6ED4B406-0140-4D66-99C2-D29B776E246C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7002F8CD-9A14-4CEC-9439-49BCED2ECAE5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{714BDBA7-A64B-4577-A3A2-4642535CBE8C}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{71ECA6DD-EC2C-41F6-A8B6-60B4EFA2A661}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{72AC8194-226A-4252-949F-1621EAD0357C}" = protocol=6 | dir=in | app=c:\users\lordlutz\appdata\local\temp\blizzard installer bootstrap - 1611e16c\installer.exe |
"{74730DD8-739E-4C26-8A0C-83C4DF4798F1}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\dragonagetoolset.exe |
"{747FA0CA-2D47-4ED7-B94F-E5DEAA9BE64E}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{77F739FE-02AA-4C2A-973B-B9DEFB4EFDAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7AE12FF7-ACD0-4F66-80DD-8F6BC7238C39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B193C8F-8FA3-4358-B9C0-2A660154E099}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\gffeditor.exe |
"{7B39D7E9-D472-400D-8D61-8F6B213123D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C647992-131F-4CD9-9907-C2A94A7FB09F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C796D12-ADCE-42DB-B73F-AF56BAECE8DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7D2E1530-B9AF-4DF5-A181-EFCFCE2D5476}" = protocol=17 | dir=in | app=d:\squareenix\final fantasy xiv beta version\ffxivboot.exe |
"{7FD8D5F9-C877-46FA-B1DF-A9E9E6059C98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FFA8496-9DDF-4E8E-9293-B65AB0A653C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{81682799-9F76-489C-A94A-08B6A3FC9E41}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{829B5D7F-CCEE-4641-85B3-C239CEE23214}" = protocol=6 | dir=in | app=d:\starcraft ii beta\starcraft ii.exe |
"{85224944-27A8-46CE-81DD-1721972232E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85831821-FDF7-4A8C-A140-CDDB56766FDE}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\daoriginslauncher.exe |
"{8A3ABD08-9DCF-49AE-86BD-8321E890842C}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\bin_ship\daorigins.exe |
"{8AF9A0E4-40F4-4E7D-A6EC-F9588D80DB72}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{959A8CE9-E570-4EE4-B280-504F22C3061F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{96345A18-D3FD-43CE-A8AD-01374DE53127}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{99D1CC7B-61D8-4EC7-9377-D0AD901DB7A8}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\lightmapper\eclipseray.exe |
"{9A30A750-884F-4022-B84E-0E02BE308564}" = protocol=17 | dir=in | app=c:\users\lordlutz\appdata\local\temp\blizzard installer bootstrap - 1611e16c\installer.exe |
"{9BFE8642-D1B3-4E3A-8C31-F5834927D75B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9D735DB5-B487-4834-BA30-3C6CE146B737}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\gffeditor.exe |
"{9EF42003-0F2F-48F6-B1B7-3A43C065286E}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\rpu.exe |
"{A4F3413E-739B-4F2B-8EA2-129E3D16E65C}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\erfeditor.exe |
"{A77B8314-3C2E-428D-A1D8-FC2AD7BDF1B1}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{A7894603-378A-45CE-A97C-FF6D80862A15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB888635-322B-4BDA-A700-9F04B6E8F26C}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{AF51FAD2-EAB1-4B9F-A766-648750BB565B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B54340CF-3715-462B-9E74-2E89E8C1BA66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B7DD164E-684D-4AA1-B946-31DE3F5D397D}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\erfeditor.exe |
"{B9C20373-5A87-4B58-AE6A-63293B00360D}" = protocol=6 | dir=in | app=d:\squareenix\final fantasy xiv beta version\ffxivboot.exe |
"{B9D73979-BBA6-4488-950D-766F12C26A47}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\bin_ship\daorigins.exe |
"{BA2196A1-D979-45BA-BC1F-F2415BCBAE21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C1558248-73E4-4DA8-AB5A-34C01A93E4DE}" = protocol=17 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\bin_ship\daupdatersvc.service.exe |
"{C279C03E-B5F3-4CE3-9C06-46F18E75E664}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C60A6291-1581-4AF0-9B9E-0B6589C13831}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7780A35-2D2A-4A89-B245-5627F96FE4A5}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{CBA0AD35-CA40-480C-9574-D50583393731}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D5B6D2C3-377B-4362-A25A-CC3246CC99B1}" = protocol=17 | dir=in | app=c:\program files\utorrent.exe |
"{D60A2243-9DCA-48F8-A0E0-D23588DBA3C6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D80CA27E-E4BE-4BC8-B444-6DEFF9D47A1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D96E928D-A444-4FA5-8CB2-AEA608690A35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DFAB8A53-FB45-4031-8940-8C4241162AC3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E3C905BA-7573-435C-B6AC-6F2B39A24E3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC19A3A9-8B01-4D06-B4CD-71B3425B637E}" = protocol=6 | dir=in | app=c:\users\lordlutz\documents\bioware\dragon age\tools\dragonagetoolset.exe |
"{EF06E8B9-80B9-4C80-8A1E-BD47CD1EACE7}" = protocol=17 | dir=in | app=d:\starcraft ii beta\starcraft ii.exe |
"{F0B073E7-B237-4628-863D-7E73A5DF834C}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F2DB470E-0770-4FBE-8259-E513C98F5A54}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F4635A0E-FBE1-4D88-B2BF-866540C9CD46}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{FB44BA8F-E1A3-4CA7-96E8-37063558A5DE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FE5E674B-912E-4005-9B20-D2F0B471B49C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{84E41D59-1B6E-47B7-AA4D-C9E6D47471AD}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{CFB4E9A5-C2A6-481A-A084-F99D0E0A4E86}C:\windows\syswow64\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"TCP Query User{D2DC775A-4863-4651-87CB-AD0C904C2A79}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{D62F1EA4-9CB8-4416-84AD-D22D4FAAD102}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{069B4C3A-6995-4A3D-AA94-E9598ECC48A5}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{457121E3-8C28-4443-95B9-9960ADE81D4E}C:\windows\syswow64\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"UDP Query User{7025A754-72AB-43D4-B8EC-8312951BB468}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{ACE2A411-C798-4842-9BCA-272C06F5B3AF}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{61563672-84C4-47A2-A037-B4322C38FFCE}" = Manga Studio EX 4.0
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{93EA1128-1095-4316-ACB4-3E9E31B8FFCC}" = Aion
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"AstrumNival Allods" = Allods Online 1.0.05.41
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CosmicBreak_eng" = CosmicBreak_eng
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GAMESCAMPUSSOULMASTER" = SoulMaster
"Google Desktop" = Google Desktop
"Legendary Champions" = Legendary Champions
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft DirectX SDK (February 2010)" = Microsoft DirectX SDK (February 2010)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Portforward Static IP Address" = Portforward Static IP Address 1.0.44
"StarCraft II Beta" = StarCraft II Beta
"Trickster Online" = Trickster Online
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2010 1:45:06 AM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application trillian.exe, version 4.2.0.22, time stamp 0x4c6f42f8,
faulting module trilliang15.dll_unloaded, version 0.0.0.0, time stamp 0x44affa24,
exception code 0xc0000005, fault offset 0x04d047e6, process id 0x138c, application
start time 0x01cb4800ed153120.

Error - 8/30/2010 9:06:56 AM | Computer Name = PeonyStudios | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2010 11:40:55 AM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application trillian.exe, version 4.2.0.22, time stamp 0x4c6f42f8,
faulting module trilliang15.dll_unloaded, version 0.0.0.0, time stamp 0x44affa24,
exception code 0xc0000005, fault offset 0x04c947e6, process id 0x1218, application
start time 0x01cb48446e89af33.

Error - 8/31/2010 1:30:32 AM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application trillian.exe, version 4.2.0.22, time stamp 0x4c6f42f8,
faulting module trilliang15.dll_unloaded, version 0.0.0.0, time stamp 0x44affa24,
exception code 0xc0000005, fault offset 0x04ca47e6, process id 0xd08, application
start time 0x01cb4873f2a9cc33.

Error - 9/4/2010 4:16:31 AM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application Portforward-Setup-Static-IP-Address.exe, version
0.0.0.0, time stamp 0x4a2ae2a2, faulting module ntdll.dll, version 6.0.6002.18005,
time stamp 0x49e03824, exception code 0xc0000005, fault offset 0x0001e61b, process
id 0x788, application start time 0x01cb4c09762a2040.

Error - 9/4/2010 9:24:56 AM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application ffxivgame.exe, version 0.9.1.0, time stamp 0x4c8007f7,
faulting module ffxivgame.exe, version 0.9.1.0, time stamp 0x4c8007f7, exception
code 0xc0000005, fault offset 0x0003b227, process id 0x808, application start time
0x01cb4c1aba6bf8d0.

Error - 9/4/2010 2:18:39 PM | Computer Name = PeonyStudios | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: e04 Start Time: 01cb4b9cbfe924a0 Termination Time: 27

Error - 9/4/2010 2:47:45 PM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application ffxivgame.exe, version 0.9.1.0, time stamp 0x4c8161bf,
faulting module ffxivgame.exe, version 0.9.1.0, time stamp 0x4c8161bf, exception
code 0xc0000005, fault offset 0x005a8326, process id 0xbc4, application start time
0x01cb4c616a2c2dd0.

Error - 9/4/2010 8:38:08 PM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application ffxivgame.exe, version 0.9.1.0, time stamp 0x4c8161bf,
faulting module ffxivgame.exe, version 0.9.1.0, time stamp 0x4c8161bf, exception
code 0xc0000005, fault offset 0x0003aace, process id 0x15ec, application start time
0x01cb4c8c77110e50.

Error - 9/5/2010 12:31:17 AM | Computer Name = PeonyStudios | Source = Application Error | ID = 1000
Description = Faulting application nvcplui.exe, version 2.8.313.10, time stamp 0x4bb7c905,
faulting module nvgames.dll, version 6.14.11.9745, time stamp 0x4bb7e2ac, exception
code 0xc0000417, fault offset 0x00000000000e9070, process id 0x1574, application
start time 0x01cb4cb329132a90.

[ System Events ]
Error - 9/6/2010 5:21:49 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:21:56 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:22:07 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:22:11 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:22:14 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:22:25 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:22:31 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:22:43 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:24:08 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/6/2010 5:24:10 AM | Computer Name = PeonyStudios | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.


< End of report >


#6 Lushy

Lushy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 08 September 2010 - 01:09 PM

Google still redirecting searches and running a bit sluggish.

So far these are the only problems.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:06 PM

Posted 08 September 2010 - 02:42 PM

Hello

Sorry for losing you.

Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O32 - AutoRun File - [2009/06/19 08:32:38 | 000,000,046 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\setup.exe -- [2009/05/12 06:43:59 | 000,124,168 | R--- | M] (Logitech, Inc.)
    O33 - MountPoints2\{6dc94675-554a-11df-92ee-00173fd0de24}\Shell - "" = AutoRun
    O33 - MountPoints2\{6dc94675-554a-11df-92ee-00173fd0de24}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
CODE
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
    Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

    It should look like this: <--XP
    Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
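One way to triage what router.bat collects, added here as an example (this is not code from the thread, from OTL or from BleepingComputer): it parses the ipconfig /all and nslookup sections of the log and flags a configured DNS server that is neither on the local network (the home router) nor an expected public resolver, an nslookup answer that came from a server other than the configured ones, and a lookup that resolved to a non-global address. The EXPECTED_PUBLIC_RESOLVERS allowlist, the function names and the sample log are assumptions constructed for this example; 203.0.113.77 is from a documentation range and is not a real indicator.

```python
"""Triage router.bat output for DNS settings that could explain redirected searches.

Added example, not code from the thread. Assumes the log has the ipconfig /all +
nslookup shape the batch file produces and that EXPECTED_PUBLIC_RESOLVERS lists the
resolvers your environment is supposed to use.
"""
import ipaddress
import re

# Assumed allowlist: the public resolvers the poster's machine is configured with.
EXPECTED_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# "Field name . . . : value" lines from ipconfig /all (also matches nslookup's "Key: value")
_FIELD_RE = re.compile(r"^\s*(?P<name>[A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(?P<value>.*)$")
# Continuation lines of multi-valued fields: only an address, possibly with a %zone id
_BARE_ADDR_RE = re.compile(r"^\s*(?P<addr>[0-9A-Fa-f.:%]+)\s*$")

# Constructed sample in the shape router.bat produces; 203.0.113.77 (TEST-NET-3, a
# documentation range) stands in for a rogue resolver and is not a real indicator.
SUSPICIOUS_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.77
                                       8.8.8.8

Server:  UnKnown
Address:  203.0.113.77

Non-authoritative answer:
Name:    google.com
Addresses:  209.85.225.106
          209.85.225.105
"""


def _clean(value):
    """Drop the '(Preferred)' tag and '%N' zone id that ipconfig appends to addresses."""
    return value.split("(")[0].split("%")[0].strip()


def parse_ipconfig(text):
    """Collect IPv4 addresses, subnet masks, gateways and DNS servers from ipconfig /all."""
    cfg = {"ipv4": [], "masks": [], "gateways": [], "dns_servers": []}
    wanted = {"ipv4 address": "ipv4", "subnet mask": "masks",
              "default gateway": "gateways", "dns servers": "dns_servers"}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = _FIELD_RE.match(lines[i])
        i += 1
        if not m:
            continue
        values = [m.group("value")]
        # multi-valued fields (DNS Servers, Default Gateway) continue on bare-address lines
        while i < len(lines) and _BARE_ADDR_RE.match(lines[i]):
            values.append(lines[i])
            i += 1
        key = wanted.get(m.group("name").strip().lower())
        if key:
            cfg[key].extend(v for v in (_clean(x) for x in values) if v)
    return cfg


def parse_nslookup(text):
    """Return one dict per nslookup query: which server answered and what it returned."""
    queries, cur = [], None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("Server:"):
            cur = {"server": line.split(":", 1)[1].strip(), "address": None,
                   "name": None, "addresses": []}
            queries.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Address:") and cur["address"] is None:
            cur["address"] = _clean(line.split(":", 1)[1])  # the resolver that answered
        elif line.startswith("Name:"):
            cur["name"] = line.split(":", 1)[1].strip()
        elif line.startswith(("Addresses:", "Address:")):  # the answers, one or several
            cur["addresses"].append(_clean(line.split(":", 1)[1]))
            while i < len(lines) and _BARE_ADDR_RE.match(lines[i]):
                cur["addresses"].append(_clean(lines[i]))
                i += 1
    return queries


def assess(text, expected_resolvers=EXPECTED_PUBLIC_RESOLVERS):
    """Return human-readable findings; an empty list means the DNS setup looks as expected."""
    cfg = parse_ipconfig(text)
    lans = []
    for addr, mask in zip(cfg["ipv4"], cfg["masks"]):
        try:
            lans.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
        except ValueError:
            pass

    def on_lan(addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        return ip.is_loopback or any(ip in net for net in lans)

    findings = []
    for dns in cfg["dns_servers"]:
        # a resolver that is neither the router nor a known public service is the usual
        # footprint of DNS-changer malware behind "Google keeps redirecting" complaints
        if dns not in expected_resolvers and not on_lan(dns):
            findings.append(f"DNS server {dns} is neither on the local network nor an expected resolver")
    for q in parse_nslookup(text):
        if cfg["dns_servers"] and q["address"] and q["address"] not in cfg["dns_servers"]:
            findings.append(f"nslookup for {q['name']} was answered by {q['address']}, "
                            "which is not a configured DNS server")
        for answer in q["addresses"]:
            try:
                if not ipaddress.ip_address(answer).is_global:
                    findings.append(f"{q['name']} resolved to a non-global address {answer}")
            except ValueError:
                pass
    return findings


if __name__ == "__main__":
    for line in assess(SUSPICIOUS_LOG) or ["no DNS anomalies found"]:
        print(line)
```

Run it against the real Log1.txt by reading the file into `assess()`; the poster's log (Google Public DNS on both entries, nslookup answered by 8.8.8.8) produces no findings, which is consistent with the redirects coming from something on the host rather than from the DNS configuration.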

#8 Lushy

Lushy
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 08 September 2010 - 03:21 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b09d982-49a5-11df-8ba6-806e6f6e6963}\ not found.
File move failed. F:\Setup\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dc94675-554a-11df-92ee-00173fd0de24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dc94675-554a-11df-92ee-00173fd0de24}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dc94675-554a-11df-92ee-00173fd0de24}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dc94675-554a-11df-92ee-00173fd0de24}\ not found.
File G:\Autorun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\LordLutz\Downloads\cmd.bat deleted successfully.
C:\Users\LordLutz\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LordLutz
->Temp folder emptied: 5675964 bytes
->Temporary Internet Files folder emptied: 8524325 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 416016180 bytes
->Flash cache emptied: 21248 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 5247668462 bytes

Total Files Cleaned = 5,415.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: LordLutz
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09082010_151408

Files\Folders moved on Reboot...
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\Setup\setup.exe scheduled to be moved on reboot.
C:\Users\LordLutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...





Windows IP Configuration

Host Name . . . . . . . . . . . . : PeonyStudios
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-22-3F-F9-EE-5D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6105:3b10:59ea:802a%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285221439
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-5A-AF-84-00-17-3F-D0-DE-24
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6737CE38-300D-4719-BA07-13C8C65E15C9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:cf2e:3096:4a5:319e:3f57:fe69(Preferred)
Link-local IPv6 Address . . . . . : fe80::4a5:319e:3f57:fe69%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 209.85.225.106
209.85.225.105
209.85.225.104
209.85.225.147
209.85.225.103
209.85.225.99

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76

Pinging google.com [209.85.225.106] with 32 bytes of data:
Reply from 209.85.225.106: bytes=32 time=27ms TTL=53
Reply from 209.85.225.106: bytes=32 time=29ms TTL=53

Ping statistics for 209.85.225.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 29ms, Average = 28ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=37ms TTL=54
Reply from 209.191.122.70: bytes=32 time=34ms TTL=54

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 37ms, Average = 35ms

===========================================================================
Interface List
14 ...00 22 3f f9 ee 5d ...... Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{6737CE38-300D-4719-BA07-13C8C65E15C9}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.150 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.150 276
192.168.1.150 255.255.255.255 On-link 192.168.1.150 276
192.168.1.255 255.255.255.255 On-link 192.168.1.150 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.150 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.150 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:cf2e:3096:4a5:319e:3f57:fe69/128 On-link
14 276 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::4a5:319e:3f57:fe69/128 On-link
14 276 fe80::6105:3b10:59ea:802a/128 On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
14 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
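The ipconfig /all section of the log above is what a helper reads to rule out a tampered resolver, one common cause of search-engine redirects. As an added example (not from this thread or from any tool it mentions), the following parser pulls the per-adapter DNS servers out of output pasted in that layout, where leading indentation has been lost and extra resolvers wrap onto bare lines, and flags any resolver that is not on an allow-list. The sample text, the second adapter, the allow-list and the function names are all constructed for this example.

```python
import re
from ipaddress import ip_address

# Constructed sample in the layout of "ipconfig /all" pasted into a forum post
# (indentation lost). Adapter 1 mirrors the thread's log; adapter 2 is made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

DHCP Enabled. . . . . . . . . . . : No
IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred)
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

DHCP Enabled. . . . . . . . . . . : Yes
DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

# "Field name . . . . : value", with the dot leaders ipconfig prints
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")
# a bare IPv4/IPv6 literal, optionally with a zone index such as %14
IP_RE = re.compile(r"^[0-9A-Fa-f.:]+(%\d+)?$")

def parse_dns_servers(output):
    """Map each adapter name to the resolvers listed under 'DNS Servers'."""
    adapters, current, in_dns = {}, None, False
    for line in (ln.strip() for ln in output.splitlines() if ln.strip()):
        if line.endswith(":") and " adapter " in line:   # adapter header
            current, in_dns = line[:-1], False
            adapters[current] = []
        elif current is None:
            continue                                     # preamble before adapters
        elif in_dns and IP_RE.match(line):               # wrapped extra resolver
            adapters[current].append(line)
        else:
            m = FIELD_RE.match(line)
            in_dns = bool(m) and m.group(1).strip() == "DNS Servers"
            if in_dns and m.group(2).strip():
                adapters[current].append(m.group(2).strip())
    return adapters

def unexpected_resolvers(adapters, allowed):
    """Return (adapter, resolver) pairs whose resolver is not on the allow-list."""
    allowed_ips = {ip_address(a) for a in allowed}
    return [(name, s) for name, servers in adapters.items()
            for s in servers if ip_address(s.split("%")[0]) not in allowed_ips]
```

With the allow-list set to the LAN gateway plus the two Google resolvers the log shows, the thread's own adapter produces no hits and only the constructed wireless adapter is flagged.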


#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 September 2010 - 03:55 PM

How are things doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Lushy

  • Topic Starter
  • Members
  • 12 posts

Posted 08 September 2010 - 04:40 PM

My programs are randomly shutting down and erroring out. Something about data protection? I wonder if I woke up something nasty...MBam isn't finding anything though

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 September 2010 - 04:52 PM

Let me have a new OTL log please

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.

Gringo

#12 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 September 2010 - 09:56 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#13 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 September 2010 - 02:33 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
