

Google searches being redirected.


  • This topic is locked
17 replies to this topic

#1 coremediawiz


  • Members
  • 17 posts

Posted 28 September 2010 - 11:15 AM

Early this morning I noticed that my Google searches were being redirected to a website called scour.com. I did not notice the problem last night when I was using the internet. I left the computer on, like I usually do unless I'm leaving the house. This problem only occurs in Firefox; I haven't encountered the problem with Internet Explorer as of yet.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Alexander at 11:57:47.10 on Tue 09/28/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1848 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alexander\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files (x86)\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {7D2BE7F5-637C-4122-8042-78FDE5A7A51D} = 68.237.161.12,71.243.0.12
TCP: {f088a2db-4c62-4509-b070-8c8aa76d9589} = 68.237.161.12 71.243.0.12
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\alexan~1\appdata\roaming\mozilla\firefox\profiles\2gfrsuul.default\
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\alexander\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: XULRunner: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533} - c:\users\alexander\appdata\local\{84f0ad5c-986e-4a7e-98b7-b43f9fa4c533}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-20 55280]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-11-20 92160]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 202752]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-2 19544]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys [2010-1-6 24664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1255736]

=============== Created Last 30 ================

2010-09-28 15:41:59 0 d-----w- c:\programdata\Sun
2010-09-28 15:41:52 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-09-28 15:41:52 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-28 15:41:52 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-28 15:41:52 145184 ----a-w- c:\windows\syswow64\java.exe
2010-09-28 15:31:04 0 d-----w- c:\programdata\NOS
2010-09-24 12:26:42 0 d-----w- c:\program files (x86)\Gokuaku
2010-09-24 12:04:40 0 d-----w- c:\program files (x86)\gokuaku_up_200
2010-09-24 11:37:17 0 d-----w- c:\program files (x86)\ICHAZURA
2010-09-17 06:44:00 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-17 01:37:27 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-29 20:03:07 13373440 ----a-w- c:\program files (x86)\School Mate 2 Special.exe
2010-08-29 20:00:25 0 d-----w- c:\program files (x86)\manual
2010-08-29 20:00:25 0 d-----w- c:\program files (x86)\data

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-17 08:29:38 13369344 ----a-w- c:\program files (x86)\????????2 ???!.exe
2010-03-24 00:45:32 225280 ----a-w- c:\program files (x86)\ilnsys32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-03-28 08:35:15 196608 ----a-w- c:\program files (x86)\ssleay32.dll
2007-03-28 08:35:00 962560 ----a-w- c:\program files (x86)\libeay32.dll
2003-02-20 19:42:22 348160 ----a-w- c:\program files (x86)\msvcr71.dll
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-29 09:59:26 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-06 19:15:49 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-04-06 19:15:49 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-04-06 19:15:49 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:58:02.55 ===============

Thank you for your time and cooperation.
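The DDS log above is read by hand on this forum, but a few of its lines are the kind of thing a responder looks for first: the UAC policy values (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), a hosts-file override, a hidden Firefox extension whose files live in a GUID-named folder under the user's AppData\Local, the per-interface DNS servers, and orphaned toolbar entries ("No File"). The script below is an added example by the editor, not part of the original post or of the DDS tool; its rules and severities are the editor's triage heuristics (assumptions, not a verdict on this machine), and the sample lines are copied from the Pseudo HJT and FIREFOX sections of the log above. A flag means "look here", not "confirmed malicious".

```python
import re
from dataclasses import dataclass

# Lines copied from the DDS "Pseudo HJT Report" and "FIREFOX" sections posted above,
# trimmed to the entries the triage rules below care about.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.daemon-search.com/startpage
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: {7D2BE7F5-637C-4122-8042-78FDE5A7A51D} = 68.237.161.12,71.243.0.12
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
FF - HiddenExtension: XULRunner: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533} - c:\users\alexander\appdata\local\{84f0ad5c-986e-4a7e-98b7-b43f9fa4c533}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
"""

GUID = r"\{[0-9a-f-]{36}\}"  # matched case-insensitively where used


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (editor's assumed scale)
    rule: str
    line: str


def triage(log_text):
    """Apply the editor's heuristic rules to DDS Pseudo-HJT / Firefox lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        low = line.lower()

        # 1. UAC weakened: EnableLUA=0 turns UAC off outright,
        #    ConsentPromptBehaviorAdmin=0 elevates admins silently,
        #    PromptOnSecureDesktop=0 lets ordinary windows draw over the prompt.
        m = re.match(r"mPolicies-system:\s*(EnableLUA|ConsentPromptBehaviorAdmin"
                     r"|PromptOnSecureDesktop)\s*=\s*0\b", line)
        if m:
            findings.append(Finding("high", "uac-weakened:" + m.group(1), line))
            continue

        # 2. Hidden Firefox extension whose files sit in a GUID-named directory
        #    under the user's AppData\Local rather than in the Firefox install tree.
        if low.startswith("ff - hiddenextension:") and \
                re.search(r"\\appdata\\local\\" + GUID, low):
            findings.append(Finding("high", "hidden-ff-extension-in-profile-guid-dir", line))
            continue

        # 3. Any hosts-file override is worth a look (here it blocks a security site).
        if low.startswith("hosts:"):
            findings.append(Finding("medium", "hosts-override", line))
            continue

        # 4. Per-interface DNS servers: recorded so they can be checked against the ISP's.
        m = re.match(r"TCP:\s*" + GUID + r"\s*=\s*(.+)$", line, re.I)
        if m:
            servers = re.split(r"[,\s]+", m.group(1).strip())
            findings.append(Finding("info", "dns-servers:" + ",".join(servers), line))
            continue

        # 5. BHO / toolbar entries whose DLL is gone ("No File"): leftovers to clean.
        if re.match(r"(BHO|TB)(-X64)?:", line) and low.endswith("- no file"):
            findings.append(Finding("info", "orphaned-bho-or-toolbar", line))
            continue

        # 6. Start page: not malicious by itself, but it is where redirects show up.
        if low.startswith(("ustart page", "mstart page")):
            findings.append(Finding("info", "start-page", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 1, 'info': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample lines this reports four high findings (the three UAC values plus the hidden XULRunner extension under AppData\Local), one medium (the hosts entry) and three informational entries. The TCP rule accepts either the comma or the space separator DDS uses, and the BHO rule deliberately leaves the Adobe entry alone: an installed, present DLL is not a finding in itself.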


#2 Blade81


    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 02 October 2010 - 09:55 AM

uTorrent

The above-listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy-paste following contents into custom scan -area:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\System32\Wbem\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 coremediawiz

  • Topic Starter

  • Members
  • 17 posts

Posted 02 October 2010 - 12:52 PM

OTL.txt

OTL logfile created on: 10/2/2010 1:46:15 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 42.54 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (SafeList) ==========

MOD - [2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
MOD - [2010/03/08 17:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
MOD - [2009/07/13 21:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/13 21:16:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
MOD - [2009/07/13 21:16:17 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll
MOD - [2009/07/13 21:16:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
MOD - [2009/07/13 21:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
MOD - [2009/07/13 21:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
MOD - [2009/07/13 21:16:15 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
MOD - [2009/07/13 21:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/13 21:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll
MOD - [2009/07/13 21:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/13 21:15:21 | 000,093,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
MOD - [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 23:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/31 15:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/20 00:13:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\43E3.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMDrvService)
DRV:64bit: - [2009/11/24 23:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/28 03:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/09/10 00:03:56 | 000,017,200 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMDrvService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://g.msn.com/uscon/1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}:1.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}: C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ [2010/09/22 17:49:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/01 18:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/01 18:28:00 | 000,000,000 | ---D | M]

[2010/09/28 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2010/09/28 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\2gfrsuul.default\extensions
[2010/10/01 18:38:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/28 11:41:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/31 12:41:45 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/01/06 04:26:15 | 000,371,323 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 12797 more lines...
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f5baa0e-219b-11df-a89b-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{0f5baa0e-219b-11df-a89b-00256482cdde}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = F:\Family_Project_Setup.exe -- File not found
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\setup.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/02 13:35:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/10/01 11:43:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Electronic Arts
[2010/09/29 03:01:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/29 03:00:26 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/28 15:54:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Family Project
[2010/09/28 11:42:44 | 006,275,448 | ---- | C] (Microsoft Corporation) -- C:\Users\Alexander\Desktop\Silverlight.exe
[2010/09/28 11:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/28 11:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/28 11:41:52 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/28 11:41:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/28 11:41:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/28 11:41:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/28 11:39:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Mozilla
[2010/09/28 11:39:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Mozilla
[2010/09/28 11:23:20 | 008,534,336 | ---- | C] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.10.exe
[2010/09/24 08:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gokuaku
[2010/09/24 08:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gokuaku_up_200
[2010/09/24 07:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICHAZURA
[2010/09/24 07:14:06 | 155,497,466 | ---- | C] (Inquisitor ) -- C:\Users\Alexander\Desktop\Ichazura HF Patch.exe
[2010/09/22 17:49:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}
[2010/09/17 02:44:00 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/29 16:03:07 | 013,373,440 | ---- | C] (illusion) -- C:\Program Files (x86)\School Mate 2 Special.exe
[2010/03/23 20:45:32 | 000,225,280 | ---- | C] (illusion) -- C:\Program Files (x86)\ilnsys32.dll
[2003/02/20 15:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr71.dll

========== Files - Modified Within 30 Days ==========

[2010/10/02 13:46:26 | 007,864,320 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT
[2010/10/02 13:44:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 13:44:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 13:43:27 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/02 13:43:27 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/02 13:43:27 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/02 13:36:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/02 13:36:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/02 13:36:39 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 13:36:07 | 008,752,534 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010/10/02 13:35:59 | 000,000,200 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/10/01 11:11:52 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3 World Adventures.lnk
[2010/10/01 06:43:28 | 003,841,899 | ---- | M] () -- C:\Users\Alexander\Desktop\Rachels-Ch. 13.pdf
[2010/09/30 16:35:14 | 000,064,462 | ---- | M] () -- C:\Users\Alexander\Desktop\Syllabus-Ethics and Law-Fall 2010.rtf
[2010/09/30 12:34:04 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2010/09/29 06:33:06 | 006,748,491 | ---- | M] () -- C:\Users\Alexander\Desktop\Mill-Utilitarianism.pdf
[2010/09/28 11:50:28 | 000,284,915 | ---- | M] () -- C:\Users\Alexander\Desktop\gmer.zip
[2010/09/28 11:49:26 | 000,525,824 | ---- | M] () -- C:\Users\Alexander\Desktop\dds.scr
[2010/09/28 11:42:57 | 006,275,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Alexander\Desktop\Silverlight.exe
[2010/09/28 11:39:39 | 000,001,925 | ---- | M] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/28 11:39:39 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/28 11:23:20 | 008,534,336 | ---- | M] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.10.exe
[2010/09/24 07:26:12 | 155,497,466 | ---- | M] (Inquisitor ) -- C:\Users\Alexander\Desktop\Ichazura HF Patch.exe
[2010/09/22 20:04:29 | 000,007,608 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010/09/22 17:49:08 | 000,000,120 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Wbixafu.dat
[2010/09/22 17:49:08 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin
[2010/09/22 07:02:45 | 004,075,309 | ---- | M] () -- C:\Users\Alexander\Desktop\Rousseau- The Social Contract.pdf
[2010/09/14 06:07:14 | 000,327,874 | ---- | M] () -- C:\Users\Alexander\Desktop\Kant-Groundwork for the Metaphysics of Morals.pdf

========== Files Created - No Company Name ==========

[2010/10/02 13:35:59 | 000,000,200 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2010/10/01 11:11:52 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3 World Adventures.lnk
[2010/10/01 06:43:01 | 003,841,899 | ---- | C] () -- C:\Users\Alexander\Desktop\Rachels-Ch. 13.pdf
[2010/09/30 16:35:21 | 000,064,462 | ---- | C] () -- C:\Users\Alexander\Desktop\Syllabus-Ethics and Law-Fall 2010.rtf
[2010/09/30 12:34:04 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2010/09/29 06:32:42 | 006,748,491 | ---- | C] () -- C:\Users\Alexander\Desktop\Mill-Utilitarianism.pdf
[2010/09/28 11:58:41 | 000,293,376 | ---- | C] () -- C:\Users\Alexander\Desktop\gmer.exe
[2010/09/28 11:50:32 | 000,284,915 | ---- | C] () -- C:\Users\Alexander\Desktop\gmer.zip
[2010/09/28 11:49:26 | 000,525,824 | ---- | C] () -- C:\Users\Alexander\Desktop\dds.scr
[2010/09/28 11:39:39 | 000,001,925 | ---- | C] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/28 11:39:39 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/22 17:49:08 | 000,000,120 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Wbixafu.dat
[2010/09/22 17:49:08 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin
[2010/09/22 07:02:23 | 004,075,309 | ---- | C] () -- C:\Users\Alexander\Desktop\Rousseau- The Social Contract.pdf
[2010/09/14 06:07:18 | 000,327,874 | ---- | C] () -- C:\Users\Alexander\Desktop\Kant-Groundwork for the Metaphysics of Morals.pdf
[2010/05/08 15:54:38 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/06 19:10:31 | 000,564,224 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010/03/18 04:21:38 | 000,007,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010/03/03 14:31:46 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\wklnhst.dat
[2010/03/01 05:28:20 | 000,001,512 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/21 09:37:39 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\DataSafeDotNet.exe
[2010/01/16 03:33:02 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010/01/04 15:25:14 | 000,101,376 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/04 18:01:53 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/04 18:01:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/04 18:01:52 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/04 18:01:52 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/04 18:01:52 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/04 18:01:52 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/12/03 19:16:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/20 02:07:19 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/20 02:07:19 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/03/28 04:35:15 | 000,196,608 | ---- | C] () -- C:\Program Files (x86)\ssleay32.dll
[2007/03/28 04:35:00 | 000,962,560 | ---- | C] () -- C:\Program Files (x86)\libeay32.dll
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/13 13:13:09 | 001,391,104 | ---- | M] () -- C:\apploc.msi
[2009/11/20 01:59:50 | 000,003,510 | RH-- | M] () -- C:\dell.sdr
[2010/10/02 13:36:39 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/01 11:17:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/08/20 01:20:27 | 000,052,996 | ---- | M] () -- C:\okz12_execlog.txt
[2010/08/20 12:05:39 | 000,049,386 | ---- | M] () -- C:\okz13_execlog.txt
[2010/10/02 13:36:41 | 4293,976,064 | -HS- | M] () -- C:\pagefile.sys
[2010/01/06 11:53:40 | 000,001,590 | ---- | M] () -- C:\TDSSKiller.2.1.1_06.01.2010_10.53.40_log.txt
[2010/01/06 11:54:24 | 000,001,590 | ---- | M] () -- C:\TDSSKiller.2.1.1_06.01.2010_10.54.24_log.txt
[2010/01/06 11:54:28 | 000,001,590 | ---- | M] () -- C:\TDSSKiller.2.1.1_06.01.2010_10.54.28_log.txt
[2010/01/07 09:59:43 | 000,001,590 | ---- | M] () -- C:\TDSSKiller.2.1.1_07.01.2010_08.59.43_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 14:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2010/03/23 20:45:32 | 000,225,280 | ---- | M] (illusion) -- C:\Program Files (x86)\ilnsys32.dll
[2007/03/28 04:35:00 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\libeay32.dll
[2003/02/20 15:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr71.dll
[2010/06/28 15:11:22 | 013,373,440 | ---- | M] (illusion) -- C:\Program Files (x86)\School Mate 2 Special.exe
[2007/03/28 04:35:15 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\ssleay32.dll

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/03 17:40:11 | 000,000,221 | -HS- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/01/07 09:51:04 | 000,050,621 | ---- | M] () -- C:\Users\Alexander\Desktop\Defogger.exe
[2010/01/29 19:07:34 | 001,271,984 | ---- | M] () -- C:\Users\Alexander\Desktop\dgca_v110.exe
[2010/03/15 12:23:37 | 022,098,480 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Alexander\Desktop\eadm-installer.exe
[2010/09/28 11:23:20 | 008,534,336 | ---- | M] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.10.exe
[2010/04/06 15:43:10 | 008,354,440 | ---- | M] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.3.exe
[2010/06/27 23:39:32 | 008,589,088 | ---- | M] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.6.exe
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Alexander\Desktop\gmer.exe
[2010/09/24 07:26:12 | 155,497,466 | ---- | M] (Inquisitor ) -- C:\Users\Alexander\Desktop\Ichazura HF Patch.exe
[2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/08/17 05:49:10 | 034,456,880 | ---- | M] (Apple Inc.) -- C:\Users\Alexander\Desktop\QuickTimeInstaller.exe
[2010/09/28 11:42:57 | 006,275,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Alexander\Desktop\Silverlight.exe
[2010/04/11 02:21:21 | 018,499,623 | ---- | M] () -- C:\Users\Alexander\Desktop\vlc-1.0.5-win32.exe
[2010/07/13 19:42:48 | 019,495,102 | ---- | M] () -- C:\Users\Alexander\Desktop\vlc-1.1.0-win32.exe
[2010/07/28 13:54:27 | 019,473,201 | ---- | M] () -- C:\Users\Alexander\Desktop\vlc-1.1.1-win32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2003/06/13 18:23:00 | 000,004,304 | ---- | M] () -- C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 07:53:51 | 000,000,402 | -HS- | M] () -- C:\Users\Alexander\Favorites\desktop.ini
[2010/01/18 19:29:09 | 000,000,290 | ---- | M] () -- C:\Users\Alexander\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\System32\Wbem\*.* >
[2009/06/10 17:14:40 | 000,001,261 | ---- | M] () -- C:\Windows\SysWOW64\wbem\aaclient.mof
[2009/06/10 17:27:50 | 000,001,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\authfwcfg.mof
[2009/06/10 17:15:23 | 000,003,007 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplayapi.mof
[2009/07/13 16:49:02 | 000,002,544 | ---- | M] () -- C:\Windows\SysWOW64\wbem\auxiliarydisplaycpl.mof
[2009/06/10 17:46:51 | 000,002,626 | ---- | M] () -- C:\Windows\SysWOW64\wbem\BthMtpEnum.mof
[2009/07/13 16:34:51 | 000,032,626 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cli.mof
[2009/07/13 16:34:51 | 002,815,350 | ---- | M] () -- C:\Windows\SysWOW64\wbem\cliegaliases.mof
[2009/06/10 17:46:24 | 000,000,693 | ---- | M] () -- C:\Windows\SysWOW64\wbem\DevicePairingHandler.mof
[2009/06/10 17:43:44 | 000,001,239 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsjob.mof
[2009/06/10 17:43:46 | 000,001,284 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dimsroam.mof
[2009/06/10 17:20:02 | 000,006,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\dot3.mof
[2009/06/10 17:46:13 | 000,003,685 | ---- | M] () -- C:\Windows\SysWOW64\wbem\drvinst.mof
[2009/06/10 17:20:37 | 000,001,197 | ---- | M] () -- C:\Windows\SysWOW64\wbem\DShowRdpFilter.mof
[2009/06/10 17:42:35 | 000,001,300 | ---- | M] () -- C:\Windows\SysWOW64\wbem\eaimeapi.mof
[2009/07/13 21:15:19 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\esscli.dll
[2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
[2009/06/10 17:46:24 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdSSDP.mof
[2009/06/10 17:34:15 | 000,000,716 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWNet.mof
[2009/06/10 17:46:24 | 000,000,656 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fdWSD.mof
[2009/06/10 17:29:21 | 000,001,913 | ---- | M] () -- C:\Windows\SysWOW64\wbem\firewallapi.mof
[2009/06/10 17:34:09 | 000,000,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\FunDisc.mof
[2009/06/10 17:29:08 | 000,001,081 | ---- | M] () -- C:\Windows\SysWOW64\wbem\fwcfg.mof
[2009/07/13 16:49:12 | 000,482,504 | ---- | M] () -- C:\Windows\SysWOW64\wbem\hbaapi.mof
[2009/06/10 17:22:56 | 000,032,098 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-Base.mof
[2009/06/10 17:22:57 | 000,002,073 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-FileSystemSupport.mof
[2009/06/10 17:22:57 | 000,000,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\IMAPIv2-LegacyShim.mof
[2009/06/10 17:28:35 | 000,001,278 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ipsecsvc.mof
[2009/07/13 16:49:14 | 000,019,872 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsidsc.mof
[2009/07/13 16:49:12 | 000,111,923 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsihba.mof
[2009/07/13 16:49:15 | 000,046,042 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsiprf.mof
[2009/07/13 16:49:15 | 000,004,503 | ---- | M] () -- C:\Windows\SysWOW64\wbem\iscsirem.mof
[2009/06/10 17:40:20 | 000,008,758 | ---- | M] () -- C:\Windows\SysWOW64\wbem\kerberos.mof
[2009/06/10 17:24:47 | 000,001,570 | ---- | M] () -- C:\Windows\SysWOW64\wbem\l2gpstore.mof
[2009/06/10 17:41:38 | 000,002,334 | ---- | M] () -- C:\Windows\SysWOW64\wbem\L2SecHC.mof
[2009/06/10 17:33:12 | 000,013,780 | ---- | M] () -- C:\Windows\SysWOW64\wbem\lsasrv.mof
[2009/06/10 17:13:52 | 000,000,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mmc.mof
[2009/07/13 21:14:24 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofcomp.exe
[2009/07/13 21:15:41 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofd.dll
[2009/06/10 17:28:14 | 000,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof
[2009/06/10 17:29:09 | 000,001,900 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpssvc.mof
[2009/07/13 16:45:27 | 000,001,518 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeeds.mof
[2009/07/13 16:45:27 | 000,001,574 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msfeedsbs.mof
[2009/06/10 17:23:05 | 000,004,599 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msiscsi.mof
[2009/06/10 17:19:00 | 000,001,199 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstsc.mof
[2009/06/10 17:17:44 | 000,002,054 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mstscax.mof
[2009/06/10 17:40:28 | 000,007,721 | ---- | M] () -- C:\Windows\SysWOW64\wbem\msv1_0.mof
[2009/06/10 17:46:43 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mswmdm.mof
[2009/06/10 17:29:24 | 000,001,259 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nci.mof
[2009/06/10 17:18:06 | 000,001,131 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ncsi.mof
[2009/06/10 17:32:42 | 000,001,117 | ---- | M] () -- C:\Windows\SysWOW64\wbem\netprofm.mof
[2009/06/10 17:21:09 | 000,000,683 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkitemfactory.mof
[2009/06/10 17:21:27 | 000,000,631 | ---- | M] () -- C:\Windows\SysWOW64\wbem\networkmap.mof
[2009/06/10 17:46:16 | 000,003,681 | ---- | M] () -- C:\Windows\SysWOW64\wbem\newdev.mof
[2009/06/10 17:33:17 | 000,003,914 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlasvc.mof
[2009/06/10 17:29:35 | 000,002,873 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nlsvc.mof
[2009/06/10 17:28:29 | 000,001,266 | ---- | M] () -- C:\Windows\SysWOW64\wbem\nshipsec.mof
[2009/06/10 17:34:10 | 000,004,815 | ---- | M] () -- C:\Windows\SysWOW64\wbem\onex.mof
[2009/06/10 17:34:28 | 000,001,836 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-collab.mof
[2009/06/10 17:34:28 | 000,002,380 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-mesh.mof
[2009/06/10 17:34:28 | 000,002,297 | ---- | M] () -- C:\Windows\SysWOW64\wbem\p2p-pnrp.mof
[2009/06/10 17:46:17 | 000,001,060 | ---- | M] () -- C:\Windows\SysWOW64\wbem\pnpsetup.mof
[2009/06/10 17:28:32 | 000,001,275 | ---- | M] () -- C:\Windows\SysWOW64\wbem\polstore.mof
[2009/06/10 17:46:48 | 000,005,105 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceapi.mof
[2009/06/10 17:46:48 | 000,003,202 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceclassextension.mof
[2009/06/10 17:46:48 | 000,001,777 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledeviceconnectapi.mof
[2009/06/10 17:46:51 | 000,003,490 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicetypes.mof
[2009/06/10 17:47:01 | 000,001,760 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewiacompat.mof
[2009/06/10 17:46:48 | 000,003,092 | ---- | M] () -- C:\Windows\SysWOW64\wbem\portabledevicewmdrm.mof
[2009/06/10 17:40:31 | 000,001,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ppcRsopCompSchema.mof
[2009/06/10 17:40:31 | 000,001,990 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ppcRsopUserSchema.mof
[2009/06/10 17:34:47 | 000,002,302 | ---- | M] () -- C:\Windows\SysWOW64\wbem\qmgr.mof
[2009/07/13 21:16:12 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\RacWmiProv.dll
[2009/07/13 16:29:26 | 000,003,032 | ---- | M] () -- C:\Windows\SysWOW64\wbem\RacWmiProv.mof
[2009/06/10 17:39:54 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rawxml.xsl
[2009/06/10 17:25:06 | 000,001,312 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpcore.mof
[2009/06/10 17:25:22 | 000,001,157 | ---- | M] () -- C:\Windows\SysWOW64\wbem\rdpencom.mof
[2009/07/13 17:45:46 | 000,111,698 | ---- | M] () -- C:\Windows\SysWOW64\wbem\regevent.mof
[2009/06/10 17:18:39 | 000,062,541 | ---- | M] () -- C:\Windows\SysWOW64\wbem\samsrv.mof
[2009/06/10 17:42:55 | 000,004,357 | ---- | M] () -- C:\Windows\SysWOW64\wbem\scersop.mof
[2009/06/10 17:40:42 | 000,001,075 | ---- | M] () -- C:\Windows\SysWOW64\wbem\schannel.mof
[2009/06/10 17:37:43 | 000,002,684 | ---- | M] () -- C:\Windows\SysWOW64\wbem\SchedSvc.mof
[2009/07/13 16:49:02 | 000,002,544 | ---- | M] () -- C:\Windows\SysWOW64\wbem\sensorscpl.mof
[2009/07/14 01:32:32 | 000,083,607 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof
[2009/07/14 01:32:32 | 000,000,896 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel.mof.uninstall
[2009/06/10 17:14:03 | 000,012,702 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel35.mof
[2009/06/10 17:14:03 | 000,000,684 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ServiceModel35.mof.uninstall
[2009/06/10 17:46:18 | 000,003,689 | ---- | M] () -- C:\Windows\SysWOW64\wbem\setupapi.mof
[2009/06/10 17:40:30 | 000,002,583 | ---- | M] () -- C:\Windows\SysWOW64\wbem\ssdpsrv.mof
[2009/07/13 21:16:15 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\stdprov.dll
[2009/06/10 17:15:18 | 000,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof
[2009/06/10 17:39:54 | 000,006,000 | ---- | M] () -- C:\Windows\SysWOW64\wbem\texttable.xsl
[2009/06/10 17:39:54 | 000,002,766 | ---- | M] () -- C:\Windows\SysWOW64\wbem\textvaluelist.xsl
[2009/06/10 17:20:42 | 000,001,236 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tsmf.mof
[2009/06/10 17:40:17 | 000,000,964 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tspkg.mof
[2009/06/10 17:46:23 | 000,003,692 | ---- | M] () -- C:\Windows\SysWOW64\wbem\umpnpmgr.mof
[2009/07/13 16:30:11 | 000,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof
[2009/07/13 21:16:17 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vdswmi.dll
[2009/07/13 21:16:17 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\viewprov.dll
[2009/07/13 16:30:11 | 000,060,468 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof
[2009/07/13 21:16:17 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\vsswmi.dll
[2009/07/13 21:16:17 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemcntl.dll
[2009/07/13 21:16:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
[2009/07/13 19:30:03 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.tlb
[2009/07/13 21:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
[2009/07/13 21:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
[2009/06/10 17:40:18 | 000,001,103 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wdigest.mof
[2009/06/10 17:29:23 | 000,001,083 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFAPIGP.mof
[2009/06/10 17:32:34 | 000,000,822 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WFP.MOF
[2009/07/13 17:08:27 | 000,002,136 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wfs.mof
[2009/07/13 16:41:27 | 000,003,146 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WgxInstalledGame.mof
[2009/07/13 17:28:48 | 000,004,120 | ---- | M] () -- C:\Windows\SysWOW64\wbem\whqlprov.mof
[2009/07/13 21:17:54 | 000,102,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\Win32_Tpm.dll
[2009/07/13 16:37:33 | 000,001,756 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wininit.mof
[2009/06/10 17:28:34 | 000,001,270 | ---- | M] () -- C:\Windows\SysWOW64\wbem\winipsec.mof
[2009/07/13 21:14:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WinMgmt.exe
[2009/06/10 17:48:04 | 000,001,545 | ---- | M] () -- C:\Windows\SysWOW64\wbem\Winsat.mof
[2009/06/10 17:48:04 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WinsatUninstall.mof
[2009/06/10 17:41:37 | 000,012,880 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wlan.mof
[2009/07/13 21:14:46 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIADAP.exe
[2009/07/13 21:16:19 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiApRpl.dll
[2009/07/13 21:14:46 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIC.exe
[2009/07/13 21:16:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMICOOKR.dll
[2009/07/13 21:16:19 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiDcPrv.dll
[2009/07/13 21:16:19 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfClass.dll
[2009/06/10 17:31:02 | 000,000,980 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfClass.mof
[2009/07/13 21:16:19 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
[2009/06/10 17:31:03 | 000,000,804 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WmiPerfInst.mof
[2009/07/13 21:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
[2009/07/13 21:16:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
[2009/06/10 17:34:42 | 000,004,887 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wmp.mof
[2009/06/10 17:27:13 | 000,001,368 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpc.mof
[2009/07/13 16:40:53 | 000,021,677 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcsprov.mof
[2009/06/10 17:27:11 | 000,000,470 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpcuninst.mof
[2009/06/10 17:46:51 | 000,002,759 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdbusenum.mof
[2009/06/10 17:46:51 | 000,002,821 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdcomp.mof
[2009/06/10 17:46:51 | 000,002,737 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdfs.mof
[2009/06/10 17:46:52 | 000,003,011 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdmtp.mof
[2009/06/10 17:47:00 | 000,003,319 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdshext.mof
[2009/06/10 17:47:00 | 000,003,063 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WPDShServiceObj.mof
[2009/06/10 17:46:49 | 000,002,987 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdsp.mof
[2009/06/10 17:47:00 | 000,003,740 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wpdwcn.mof
[2009/07/13 16:34:57 | 000,005,360 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscenter.mof
[2009/06/10 17:39:43 | 000,001,072 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wscmisetup.mof
[2009/06/10 17:48:33 | 000,002,348 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WSDApi.mof
[2009/06/10 17:40:28 | 000,004,430 | ---- | M] () -- C:\Windows\SysWOW64\wbem\WsmAuto.mof
[2009/06/10 17:22:23 | 000,000,723 | ---- | M] () -- C:\Windows\SysWOW64\wbem\wzcdlg.mof
[2009/06/10 17:39:55 | 000,002,866 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xsl-mappings.xml
[2009/06/10 17:42:07 | 000,001,253 | ---- | M] () -- C:\Windows\SysWOW64\wbem\xwizards.mof

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/08/20 14:24:28 | 000,000,000 | ---D | M](C:\Users\Alexander\Documents\?????) -- C:\Users\Alexander\Documents\あっぷりけ
[2010/08/20 14:24:28 | 000,000,000 | ---D | C](C:\Users\Alexander\Documents\?????) -- C:\Users\Alexander\Documents\あっぷりけ
[2010/08/20 11:01:41 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと
[2010/08/20 11:01:41 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと
[2010/08/14 23:51:13 | 000,039,814 | ---- | C] ()(C:\Users\Alexander\Documents\[100723] [BaseSon] ?????~???~ [No Activation + No DVD Patch].torrent) -- C:\Users\Alexander\Documents\[100723] [BaseSon] 真・恋姫無双~萌将伝~ [No Activation + No DVD Patch].torrent
[2010/08/14 23:51:10 | 000,039,814 | ---- | M] ()(C:\Users\Alexander\Documents\[100723] [BaseSon] ?????~???~ [No Activation + No DVD Patch].torrent) -- C:\Users\Alexander\Documents\[100723] [BaseSon] 真・恋姫無双~萌将伝~ [No Activation + No DVD Patch].torrent
[2010/06/17 04:29:38 | 013,369,344 | ---- | M] (illusion)(C:\Program Files (x86)\???~????2 ???!.exe) -- C:\Program Files (x86)\すくぅ~るメイト2 ぷらす!.exe
[2010/06/17 04:29:38 | 013,369,344 | ---- | C] (illusion)(C:\Program Files (x86)\???~????2 ???!.exe) -- C:\Program Files (x86)\すくぅ~るメイト2 ぷらす!.exe
(C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Extra.txt

OTL Extras logfile created on: 10/2/2010 1:46:15 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 42.54 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- C:\PROGRA~2\MICROS~2\Office\FRONTPG.EXE (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- C:\PROGRA~2\MICROS~2\Office\FRONTPG.EXE (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{257F446A-01ED-739C-16B8-237498DEDDDF}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0301AC02-D87B-27E9-9429-7E4BB52D9183}" = CCC Help German
"{03ABC33C-10B1-400E-B1FA-E817FE98D11C}" = YUME MIRU KUSURI
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0687D86F-B8D9-4CC1-AA98-0ED81B3CA0AD}" = ILLUSION すくぅ~るメイト2 ぷらす!
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{1350DD04-57AD-6278-3F4D-D4281EEE7C5C}" = Catalyst Control Center Graphics Full New
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A6842E0-3047-BD62-9A28-5A7743D88E2A}" = Catalyst Control Center InstallProxy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 21
"{305CAF40-92F0-12ED-8B28-926B011788E4}" = CCC Help Spanish
"{34D6DE28-4FD0-9CCA-CDB4-316F7B3B30B5}" = CCC Help Portuguese
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{46B69F5F-E77D-49DE-9729-0F562564A15E}" = ILLUSION すくぅ~るメイト2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5089AEEE-052D-B75F-0B92-7CF981403025}" = Catalyst Control Center Graphics Light
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{52ABC760-CAFC-4FCD-A0AA-5661366199D5}" = ILLUSION SchoolMate
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{54741B98-6335-43A1-C716-25B0A3C4016C}" = Catalyst Control Center Graphics Previews Common
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B94A120-16E7-6034-7494-22285B471EDE}" = CCC Help Hungarian
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E9D082B-F681-64AB-48B4-F3EC05D3A83F}" = CCC Help Chinese Traditional
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81CB0C83-5928-3387-AB23-10EC5F767FA8}" = CCC Help Turkish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B1C55-76D0-0DA3-8C12-10596CBB15BD}" = CCC Help Italian
"{846D0802-8606-7452-85FF-A71EB1B8AD6D}" = Catalyst Control Center Localization All
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DCE118A-1F3C-B056-D2A8-F832523C357C}" = CCC Help English
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96B1A291-2654-4415-59B4-AC90D29C3E1E}" = Catalyst Control Center Core Implementation
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A968BD3-88AF-B4D0-CA9A-78F4EF9FA23B}" = CCC Help Chinese Standard
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F0B447F-7E14-4BB9-BCFE-1D5C06F7EE35}" = Artificial Girl 3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A52D8A45-B3A1-0022-B096-A0033B03E01F}" = Catalyst Control Center Graphics Full Existing
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE3BFAC5-A07A-7845-C576-0CB832E4B0AD}" = Skins
"{B09A1EC8-4EE2-448C-AB37-981BBECF04B2}" = 黄昏のシンセミア
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B49744D5-04C3-4A43-A546-88231D16EF80}" = 3D Custom Girl
"{B4ECB428-6A8D-8D53-4E76-1CEE7AC4BF32}" = CCC Help French
"{B76D6D09-16D6-DF95-F7D7-2565E88B88BA}" = Catalyst Control Center Graphics Previews Vista
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims 3 World Adventures
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{BD3E0D67-D90D-3CA6-DE34-22B56D425136}" = CCC Help Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF9ABC80-D5DD-4511-8BF2-60BD8A1D8E86}_is1" = Family Project v1.0
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8B250A2-582A-6C80-108F-AA68E64A6F03}" = CCC Help Korean
"{FD040188-43B3-2C49-A8BF-5B0458031AED}" = ccc-core-static
"3D Custom Girl" = 3D Custom Girl
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Bazooka Cafe" = Bazooka Cafe
"burnatonce_is1" = burnatonce
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EA Download Manager" = EA Download Manager
"AChn[" = AChn[
"GoToAssist" = GoToAssist 8.0.0.514
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HaaliMkx" = Haali Media Splitter
"Hoyle Card Games 2010" = Hoyle Card Games 2010 (remove only)
"http://www.tinklebell.jp/applictions/ppexe/appid/1_is1" = ̃YxB `‚񁚃fU`1.00
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.4.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Melty Blood Act Cadenza English" = Melty Blood: Act Cadenza English v1.1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Switch" = Switch Sound File Converter
"The Core Media Player" = The Core Media Player 4.0
"VLC media player" = VLC media player 1.1.1
"WavePad" = WavePad Sound Editor
"WindRP" = WindRP
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2010 2:15:15 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/19/2010 2:15:17 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search box extension\SRCHBXEX.DLL".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search box extension\SRCHBXEX.DLL"
on line 2. Invalid Xml syntax.

Error - 9/19/2010 2:15:17 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\SearchHelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll"
on line 2. Invalid Xml syntax.

Error - 9/19/2010 2:15:18 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 9/19/2010 3:01:14 AM | Computer Name = Alexander-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/19/2010 3:19:13 PM | Computer Name = Alexander-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/20/2010 2:52:38 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/20/2010 2:52:50 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/20/2010 2:52:58 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search box extension\SRCHBXEX.DLL".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search box extension\SRCHBXEX.DLL"
on line 2. Invalid Xml syntax.

Error - 9/20/2010 2:52:58 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\SearchHelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll"
on line 2. Invalid Xml syntax.

[ Media Center Events ]
Error - 10/1/2010 3:58:08 PM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 3:58:08 PM - Error connecting to the internet. 3:58:08 PM - Unable
to contact server..

Error - 10/1/2010 3:58:17 PM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 3:58:13 PM - Error connecting to the internet. 3:58:13 PM - Unable
to contact server..

Error - 10/1/2010 5:01:36 PM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 5:01:36 PM - Error connecting to the internet. 5:01:36 PM - Unable
to contact server..

Error - 10/1/2010 5:01:41 PM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 5:01:41 PM - Error connecting to the internet. 5:01:41 PM - Unable
to contact server..

Error - 10/1/2010 6:01:47 PM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 6:01:47 PM - Error connecting to the internet. 6:01:47 PM - Unable
to contact server..

Error - 10/1/2010 6:01:52 PM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 6:01:52 PM - Error connecting to the internet. 6:01:52 PM - Unable
to contact server..

Error - 10/2/2010 3:30:03 AM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 3:30:02 AM - Error connecting to the internet. 3:30:02 AM - Unable
to contact server..

Error - 10/2/2010 4:30:08 AM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 4:30:08 AM - Error connecting to the internet. 4:30:08 AM - Unable
to contact server..

Error - 10/2/2010 5:30:15 AM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 5:30:14 AM - Error connecting to the internet. 5:30:14 AM - Unable
to contact server..

Error - 10/2/2010 6:31:28 AM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 6:31:28 AM - Error connecting to the internet. 6:31:28 AM - Unable
to contact server..

[ System Events ]
Error - 8/14/2010 2:42:28 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMDrvService service failed to start due to the following error:
%%2

Error - 8/20/2010 1:17:18 AM | Computer Name = Alexander-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 8/20/2010 1:18:38 AM | Computer Name = Alexander-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 8/20/2010 1:50:17 AM | Computer Name = Alexander-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 8/20/2010 1:55:53 AM | Computer Name = Alexander-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 8/20/2010 1:58:01 AM | Computer Name = Alexander-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 8/20/2010 2:14:19 AM | Computer Name = Alexander-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 8/25/2010 4:17:00 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMDrvService service failed to start due to the following error:
%%2

Error - 9/3/2010 6:30:50 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMDrvService service failed to start due to the following error:
%%2

Error - 9/9/2010 1:22:16 AM | Computer Name = Alexander-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.253. The computer with the IP address 192.168.1.44 did
not allow the name to be claimed by this computer.


< End of report >


#4 Blade81


    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 03 October 2010 - 03:50 AM

Hi,

Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    FF - prefs.js..extensions.enabledItems: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}: C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ [2010/09/22 17:49:06 | 000,000,000 | ---D | M]
    [2010/09/22 17:49:08 | 000,000,120 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Wbixafu.dat
    [2010/09/22 17:49:08 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log


Uninstall this old Java:
Java 6 Update 14 (64-bit)


Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report & fresh OTL.txt log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 coremediawiz

  • Topic Starter

  • Members
  • 17 posts

Posted 03 October 2010 - 05:35 PM

OTL.txt

OTL logfile created on: 10/3/2010 2:33:47 PM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 39.88 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/08/06 20:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 23:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/31 15:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/20 00:13:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\43E3.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMDrvService)
DRV:64bit: - [2009/11/24 23:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/28 03:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/09/10 00:03:56 | 000,017,200 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMDrvService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://g.msn.com/uscon/1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}:1.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}: C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ [2010/09/22 17:49:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/01 18:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/01 18:28:00 | 000,000,000 | ---D | M]

[2010/09/28 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2010/09/28 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\2gfrsuul.default\extensions
[2010/10/03 00:14:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/28 11:41:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/31 12:41:45 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/01/06 04:26:15 | 000,371,323 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 12797 more lines...
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f5baa0e-219b-11df-a89b-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{0f5baa0e-219b-11df-a89b-00256482cdde}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = F:\Family_Project_Setup.exe -- File not found
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\setup.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/03 14:31:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/03 00:14:44 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\How To Port Codes
[2010/10/03 00:08:08 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\codetools
[2010/10/02 13:35:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/10/01 11:43:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Electronic Arts
[2010/09/29 03:01:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/29 03:00:26 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/28 15:54:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Family Project
[2010/09/28 11:42:44 | 006,275,448 | ---- | C] (Microsoft Corporation) -- C:\Users\Alexander\Desktop\Silverlight.exe
[2010/09/28 11:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/28 11:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/28 11:41:52 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/28 11:41:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/28 11:41:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/28 11:41:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/28 11:39:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Mozilla
[2010/09/28 11:39:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Mozilla
[2010/09/28 11:23:20 | 008,534,336 | ---- | C] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.10.exe
[2010/09/24 08:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gokuaku
[2010/09/24 08:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gokuaku_up_200
[2010/09/24 07:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICHAZURA
[2010/09/24 07:14:06 | 155,497,466 | ---- | C] (Inquisitor ) -- C:\Users\Alexander\Desktop\Ichazura HF Patch.exe
[2010/09/22 17:49:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}
[2010/09/17 02:44:00 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/29 16:03:07 | 013,373,440 | ---- | C] (illusion) -- C:\Program Files (x86)\School Mate 2 Special.exe
[2010/03/23 20:45:32 | 000,225,280 | ---- | C] (illusion) -- C:\Program Files (x86)\ilnsys32.dll
[2003/02/20 15:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr71.dll

========== Files - Modified Within 30 Days ==========

[2010/10/03 14:34:35 | 007,864,320 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT
[2010/10/03 14:32:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/03 14:32:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/03 14:32:42 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 14:32:10 | 008,809,403 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010/10/03 01:12:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/03 01:12:51 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/03 01:12:51 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/03 00:14:30 | 000,111,053 | ---- | M] () -- C:\Users\Alexander\Documents\How To Port Codes.rar
[2010/10/03 00:07:43 | 000,065,651 | ---- | M] () -- C:\Users\Alexander\Documents\codetools.zip
[2010/10/02 13:44:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 13:44:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 13:35:59 | 000,000,200 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/10/01 11:11:52 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3 World Adventures.lnk
[2010/10/01 06:43:28 | 003,841,899 | ---- | M] () -- C:\Users\Alexander\Desktop\Rachels-Ch. 13.pdf
[2010/09/30 16:35:14 | 000,064,462 | ---- | M] () -- C:\Users\Alexander\Desktop\Syllabus-Ethics and Law-Fall 2010.rtf
[2010/09/30 12:34:04 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2010/09/29 06:33:06 | 006,748,491 | ---- | M] () -- C:\Users\Alexander\Desktop\Mill-Utilitarianism.pdf
[2010/09/28 11:50:28 | 000,284,915 | ---- | M] () -- C:\Users\Alexander\Desktop\gmer.zip
[2010/09/28 11:49:26 | 000,525,824 | ---- | M] () -- C:\Users\Alexander\Desktop\dds.scr
[2010/09/28 11:42:57 | 006,275,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Alexander\Desktop\Silverlight.exe
[2010/09/28 11:39:39 | 000,001,925 | ---- | M] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/28 11:39:39 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/28 11:23:20 | 008,534,336 | ---- | M] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.10.exe
[2010/09/24 07:26:12 | 155,497,466 | ---- | M] (Inquisitor ) -- C:\Users\Alexander\Desktop\Ichazura HF Patch.exe
[2010/09/22 20:04:29 | 000,007,608 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010/09/22 17:49:08 | 000,000,120 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Wbixafu.dat
[2010/09/22 17:49:08 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin
[2010/09/22 07:02:45 | 004,075,309 | ---- | M] () -- C:\Users\Alexander\Desktop\Rousseau- The Social Contract.pdf
[2010/09/14 06:07:14 | 000,327,874 | ---- | M] () -- C:\Users\Alexander\Desktop\Kant-Groundwork for the Metaphysics of Morals.pdf

========== Files Created - No Company Name ==========

[2010/10/03 00:14:29 | 000,111,053 | ---- | C] () -- C:\Users\Alexander\Documents\How To Port Codes.rar
[2010/10/03 00:07:48 | 000,065,651 | ---- | C] () -- C:\Users\Alexander\Documents\codetools.zip
[2010/10/02 13:35:59 | 000,000,200 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2010/10/01 11:11:52 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3 World Adventures.lnk
[2010/10/01 06:43:01 | 003,841,899 | ---- | C] () -- C:\Users\Alexander\Desktop\Rachels-Ch. 13.pdf
[2010/09/30 16:35:21 | 000,064,462 | ---- | C] () -- C:\Users\Alexander\Desktop\Syllabus-Ethics and Law-Fall 2010.rtf
[2010/09/30 12:34:04 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2010/09/29 06:32:42 | 006,748,491 | ---- | C] () -- C:\Users\Alexander\Desktop\Mill-Utilitarianism.pdf
[2010/09/28 11:58:41 | 000,293,376 | ---- | C] () -- C:\Users\Alexander\Desktop\gmer.exe
[2010/09/28 11:50:32 | 000,284,915 | ---- | C] () -- C:\Users\Alexander\Desktop\gmer.zip
[2010/09/28 11:49:26 | 000,525,824 | ---- | C] () -- C:\Users\Alexander\Desktop\dds.scr
[2010/09/28 11:39:39 | 000,001,925 | ---- | C] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/28 11:39:39 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/22 17:49:08 | 000,000,120 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Wbixafu.dat
[2010/09/22 17:49:08 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin
[2010/09/22 07:02:23 | 004,075,309 | ---- | C] () -- C:\Users\Alexander\Desktop\Rousseau- The Social Contract.pdf
[2010/09/14 06:07:18 | 000,327,874 | ---- | C] () -- C:\Users\Alexander\Desktop\Kant-Groundwork for the Metaphysics of Morals.pdf
[2010/05/08 15:54:38 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/06 19:10:31 | 000,564,224 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010/03/18 04:21:38 | 000,007,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010/03/03 14:31:46 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\wklnhst.dat
[2010/03/01 05:28:20 | 000,001,512 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/21 09:37:39 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\DataSafeDotNet.exe
[2010/01/16 03:33:02 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010/01/04 15:25:14 | 000,101,376 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/04 18:01:53 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/04 18:01:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/04 18:01:52 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/04 18:01:52 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/04 18:01:52 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/04 18:01:52 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/12/03 19:16:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/20 02:07:19 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/20 02:07:19 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/03/28 04:35:15 | 000,196,608 | ---- | C] () -- C:\Program Files (x86)\ssleay32.dll
[2007/03/28 04:35:00 | 000,962,560 | ---- | C] () -- C:\Program Files (x86)\libeay32.dll
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Files - Unicode (All) ==========
[2010/08/20 14:24:28 | 000,000,000 | ---D | M](C:\Users\Alexander\Documents\?????) -- C:\Users\Alexander\Documents\あっぷりけ
[2010/08/20 14:24:28 | 000,000,000 | ---D | C](C:\Users\Alexander\Documents\?????) -- C:\Users\Alexander\Documents\あっぷりけ
[2010/08/20 11:01:41 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと
[2010/08/20 11:01:41 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと
[2010/08/14 23:51:13 | 000,039,814 | ---- | C] ()(C:\Users\Alexander\Documents\[100723] [BaseSon] ?????~???~ [No Activation + No DVD Patch].torrent) -- C:\Users\Alexander\Documents\[100723] [BaseSon] 真・恋姫無双~萌将伝~ [No Activation + No DVD Patch].torrent
[2010/08/14 23:51:10 | 000,039,814 | ---- | M] ()(C:\Users\Alexander\Documents\[100723] [BaseSon] ?????~???~ [No Activation + No DVD Patch].torrent) -- C:\Users\Alexander\Documents\[100723] [BaseSon] 真・恋姫無双~萌将伝~ [No Activation + No DVD Patch].torrent
[2010/06/17 04:29:38 | 013,369,344 | ---- | M] (illusion)(C:\Program Files (x86)\???~????2 ???!.exe) -- C:\Program Files (x86)\すくぅ~るメイト2 ぷらす!.exe
[2010/06/17 04:29:38 | 013,369,344 | ---- | C] (illusion)(C:\Program Files (x86)\???~????2 ???!.exe) -- C:\Program Files (x86)\すくぅ~るメイト2 ぷらす!.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

KAS.txt

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 3, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 03, 2010 13:23:58
Records in database: 4282816
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
B:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 140722
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:43:27


File name / Threat / Threats count
C:\Users\Alexander\Desktop\mugen100rc6\Win Mugen\Win Mugen\Winmugen_debug.exe Infected: Worm.Win32.Qvod.qn 1
C:\Users\Alexander\Desktop\mugen100rc6\Win Mugen.zip Infected: Worm.Win32.Qvod.qn 1
C:\Users\Alexander\Documents\Crack\8A15DCE0.exe Infected: Trojan-GameThief.Win32.OnLineGames.wxyx 1
C:\Users\Alexander\Documents\Crack.rar Infected: Trojan-GameThief.Win32.OnLineGames.wxyx 1
E:\installation prgs\OTMoveIt2.exe Infected: Backdoor.Win32.SubSeven.auc 1

Selected area has been scanned.



#6 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 03 October 2010 - 11:46 PM

Hi,

Did you run OTL like instructed in my previous post?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 coremediawiz (Topic Starter, Members, 17 posts)

Posted 04 October 2010 - 03:31 AM

QUOTE(Blade81 @ Oct 3 2010, 04:50 AM)
Hi,

Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    FF - prefs.js..extensions.enabledItems: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}: C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ [2010/09/22 17:49:06 | 000,000,000 | ---D | M]
    [2010/09/22 17:49:08 | 000,000,120 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Wbixafu.dat
    [2010/09/22 17:49:08 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log


Are you referring to this? Yes, I ran OTL. I rebooted when I was prompted. Then I ran it again except this time I just had it scan, and posted that log. Is the log that you wanted me to post the one that showed up after the reboot?

#8 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 04 October 2010 - 04:23 AM

Please post the one after reboot.



#9 coremediawiz (Topic Starter, Members, 17 posts)

Posted 04 October 2010 - 06:28 AM

All processes killed
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}:1.9.1> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Firefox\Extensions\\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}: C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ [2010/09/22 17:49:06 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <[2010/09/22 17:49:08 | 000,000,120 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Wbixafu.dat> in the current context!
Error: Unable to interpret <[2010/09/22 17:49:08 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Alexander
->Temp folder emptied: 537923733 bytes
->Temporary Internet Files folder emptied: 131736301 bytes
->Java cache emptied: 30316155 bytes
->FireFox cache emptied: 42932040 bytes
->Flash cache emptied: 101537 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12874109 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84081 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 721.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10032010_143141

Files\Folders moved on Reboot...
C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


#10 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 04 October 2010 - 09:50 AM

Hi,

Could you verify that :OTL line was not missing in the beginning?



#11 coremediawiz (Topic Starter, Members, 17 posts)

Posted 04 October 2010 - 01:57 PM

I'm pretty sure I just copied and pasted everything in the code box.

#12 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 05 October 2010 - 12:10 AM

And hit "run fix" button? Ok. Let's try another thing.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :Files
    C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}
    C:\Users\Alexander\AppData\Local\Wbixafu.dat
    C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin
    :Commands
    [emptytemp]
    :OTL
    FF - prefs.js..extensions.enabledItems: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}: C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ [2010/09/22 17:49:06 | 000,000,000 | ---D | M]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post result log + a new OTL log.

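As an added defender-side check, not code from the thread or from OTL: the fix above targets a Firefox extension that was registered machine-wide through the registry but installed under the user's AppData folder. This PowerShell script lists every extension registered that way, flags those whose install path sits inside a user profile, and prints the ids that prefs.js marks as enabled (the Firefox 3.x `extensions.enabledItems` pref) together with any id that has no matching folder in the profile's extensions directory. The registry keys and profile location are the standard Firefox ones; the Wow6432Node path is assumed for 32-bit Firefox on 64-bit Windows.

```powershell
# Added example (not from the thread or from OTL). Run in an elevated PowerShell
# on the affected Windows machine; it only reads, it does not remove anything.

$keys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',   # assumed: 32-bit Firefox on x64
    'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
)

# Registry-registered extensions: value name = extension id, value data = install path.
$registered = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $path = [string]$regKey.GetValue($name)
        [pscustomobject]@{
            Key       = $key
            Id        = $name
            Path      = $path
            Exists    = (Test-Path -LiteralPath $path)
            # A machine-wide (HKLM) registration that points into a user-writable
            # profile folder is the pattern OTL reported for {84F0AD5C-...}.
            InProfile = ($path -match '\\Users\\[^\\]+\\AppData\\')
        }
    }
}

'== Firefox extensions registered in the registry =='
$registered | Format-Table Key, Id, Path, Exists, InProfile -AutoSize

'== Registry-registered extensions installed inside a user profile (review these) =='
$registered | Where-Object { $_.InProfile } | Format-List Key, Id, Path, Exists

# prefs.js: extensions.enabledItems is a comma-separated list of id:version entries.
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$profiles = Get-ChildItem $profileRoot -Directory -ErrorAction SilentlyContinue
foreach ($profile in $profiles) {
    $prefs = Join-Path $profile.FullName 'prefs.js'
    if (-not (Test-Path $prefs)) { continue }

    $match = Select-String -Path $prefs `
        -Pattern 'user_pref\("extensions\.enabledItems",\s*"([^"]*)"\)' |
        Select-Object -First 1
    if (-not $match) { continue }

    $items = $match.Matches[0].Groups[1].Value -split ',' | Where-Object { $_ }
    "== $($profile.Name): extensions.enabledItems =="
    $items

    # Ids enabled in prefs.js with no folder under the profile's extensions directory
    # were supplied from elsewhere (for example a registry registration) and deserve a look.
    $localIds = Get-ChildItem (Join-Path $profile.FullName 'extensions') -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name
    foreach ($item in $items) {
        $id = ($item -split ':')[0]
        if ($localIds -notcontains $id) {
            "  enabled but not in profile extensions folder: $id"
        }
    }
}
```

Bundled extensions such as the Java Console live under the Firefox program folder and are expected to show up in the first table; the second table is the one to read.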


#13 coremediawiz (Topic Starter, Members, 17 posts)

Posted 05 October 2010 - 04:21 AM

Yes.

Result log.

All processes killed
========== FILES ==========
C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\chrome\content folder moved successfully.
C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\chrome folder moved successfully.
C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533} folder moved successfully.
C:\Users\Alexander\AppData\Local\Wbixafu.dat moved successfully.
C:\Users\Alexander\AppData\Local\Equdegaqabihe.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alexander
->Temp folder emptied: 109824516 bytes
->Temporary Internet Files folder emptied: 23973072 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 57277330 bytes
->Flash cache emptied: 1273 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 182.00 mb

========== OTL ==========
Prefs.js: {84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}:1.9.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ not found.
File C:\Users\Alexander\AppData\Local\{84F0AD5C-986E-4A7E-98B7-B43F9FA4C533}\ not found.

OTL by OldTimer - Version 3.2.14.1 log created on 10052010_051246

Files\Folders moved on Reboot...
File\Folder C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Alexander\AppData\Local\Temp\~DFC9FC40B2EB227336.TMP moved successfully.

Registry entries deleted on Reboot...

OTL.txt

OTL logfile created on: 10/5/2010 5:16:40 AM - Run 6
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 38.69 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/26 18:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/08/06 20:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 23:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/31 15:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/20 00:13:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\43E3.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMDrvService)
DRV:64bit: - [2009/11/24 23:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/28 03:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/09/10 00:03:56 | 000,017,200 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMDrvService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://g.msn.com/uscon/1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/03 19:06:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/01 18:28:00 | 000,000,000 | ---D | M]

[2010/09/28 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2010/09/28 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\2gfrsuul.default\extensions
[2010/10/04 05:21:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/28 11:41:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/31 12:41:45 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/01/06 04:26:15 | 000,371,323 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f5baa0e-219b-11df-a89b-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{0f5baa0e-219b-11df-a89b-00256482cdde}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = F:\Family_Project_Setup.exe -- File not found
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\setup.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/03 16:18:18 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Adobe
[2010/10/03 14:38:06 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Alexander\Desktop\ATF-Cleaner.exe
[2010/10/03 14:31:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/03 00:14:44 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\How To Port Codes
[2010/10/03 00:08:08 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\codetools
[2010/10/02 13:35:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/10/01 11:43:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Electronic Arts
[2010/09/29 03:01:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/29 03:00:26 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/28 15:54:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Family Project
[2010/09/28 11:42:44 | 006,275,448 | ---- | C] (Microsoft Corporation) -- C:\Users\Alexander\Desktop\Silverlight.exe
[2010/09/28 11:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/28 11:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/28 11:41:52 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/09/28 11:41:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/09/28 11:41:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/09/28 11:41:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/09/28 11:39:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Mozilla
[2010/09/28 11:39:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Mozilla
[2010/09/28 11:23:20 | 008,534,336 | ---- | C] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.10.exe
[2010/09/24 08:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gokuaku
[2010/09/24 08:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gokuaku_up_200
[2010/09/24 07:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICHAZURA
[2010/09/24 07:14:06 | 155,497,466 | ---- | C] (Inquisitor ) -- C:\Users\Alexander\Desktop\Ichazura HF Patch.exe
[2010/09/17 02:44:00 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/29 16:03:07 | 013,373,440 | ---- | C] (illusion) -- C:\Program Files (x86)\School Mate 2 Special.exe
[2010/03/23 20:45:32 | 000,225,280 | ---- | C] (illusion) -- C:\Program Files (x86)\ilnsys32.dll
[2003/02/20 15:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr71.dll

========== Files - Modified Within 30 Days ==========

[2010/10/05 05:14:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/05 05:14:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/05 05:14:02 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 05:13:33 | 007,864,320 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT
[2010/10/05 05:13:31 | 008,826,235 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010/10/03 22:08:17 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/03 22:08:17 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/03 22:08:17 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/03 14:40:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 14:40:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 14:38:01 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Alexander\Desktop\ATF-Cleaner.exe
[2010/10/03 00:14:30 | 000,111,053 | ---- | M] () -- C:\Users\Alexander\Documents\How To Port Codes.rar
[2010/10/03 00:07:43 | 000,065,651 | ---- | M] () -- C:\Users\Alexander\Documents\codetools.zip
[2010/10/02 13:35:59 | 000,000,200 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2010/10/02 13:35:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/10/01 11:11:52 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3 World Adventures.lnk
[2010/10/01 06:43:28 | 003,841,899 | ---- | M] () -- C:\Users\Alexander\Desktop\Rachels-Ch. 13.pdf
[2010/09/30 16:35:14 | 000,064,462 | ---- | M] () -- C:\Users\Alexander\Desktop\Syllabus-Ethics and Law-Fall 2010.rtf
[2010/09/30 12:34:04 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2010/09/29 06:33:06 | 006,748,491 | ---- | M] () -- C:\Users\Alexander\Desktop\Mill-Utilitarianism.pdf
[2010/09/28 11:50:28 | 000,284,915 | ---- | M] () -- C:\Users\Alexander\Desktop\gmer.zip
[2010/09/28 11:49:26 | 000,525,824 | ---- | M] () -- C:\Users\Alexander\Desktop\dds.scr
[2010/09/28 11:42:57 | 006,275,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Alexander\Desktop\Silverlight.exe
[2010/09/28 11:39:39 | 000,001,925 | ---- | M] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/28 11:39:39 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/28 11:23:20 | 008,534,336 | ---- | M] (Mozilla) -- C:\Users\Alexander\Desktop\Firefox Setup 3.6.10.exe
[2010/09/24 07:26:12 | 155,497,466 | ---- | M] (Inquisitor ) -- C:\Users\Alexander\Desktop\Ichazura HF Patch.exe
[2010/09/22 20:04:29 | 000,007,608 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010/09/22 07:02:45 | 004,075,309 | ---- | M] () -- C:\Users\Alexander\Desktop\Rousseau- The Social Contract.pdf
[2010/09/14 06:07:14 | 000,327,874 | ---- | M] () -- C:\Users\Alexander\Desktop\Kant-Groundwork for the Metaphysics of Morals.pdf

========== Files Created - No Company Name ==========

[2010/10/03 00:14:29 | 000,111,053 | ---- | C] () -- C:\Users\Alexander\Documents\How To Port Codes.rar
[2010/10/03 00:07:48 | 000,065,651 | ---- | C] () -- C:\Users\Alexander\Documents\codetools.zip
[2010/10/02 13:35:59 | 000,000,200 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2010/10/01 11:11:52 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3 World Adventures.lnk
[2010/10/01 06:43:01 | 003,841,899 | ---- | C] () -- C:\Users\Alexander\Desktop\Rachels-Ch. 13.pdf
[2010/09/30 16:35:21 | 000,064,462 | ---- | C] () -- C:\Users\Alexander\Desktop\Syllabus-Ethics and Law-Fall 2010.rtf
[2010/09/30 12:34:04 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 3.lnk
[2010/09/29 06:32:42 | 006,748,491 | ---- | C] () -- C:\Users\Alexander\Desktop\Mill-Utilitarianism.pdf
[2010/09/28 11:58:41 | 000,293,376 | ---- | C] () -- C:\Users\Alexander\Desktop\gmer.exe
[2010/09/28 11:50:32 | 000,284,915 | ---- | C] () -- C:\Users\Alexander\Desktop\gmer.zip
[2010/09/28 11:49:26 | 000,525,824 | ---- | C] () -- C:\Users\Alexander\Desktop\dds.scr
[2010/09/28 11:39:39 | 000,001,925 | ---- | C] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/28 11:39:39 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/22 07:02:23 | 004,075,309 | ---- | C] () -- C:\Users\Alexander\Desktop\Rousseau- The Social Contract.pdf
[2010/09/14 06:07:18 | 000,327,874 | ---- | C] () -- C:\Users\Alexander\Desktop\Kant-Groundwork for the Metaphysics of Morals.pdf
[2010/05/08 15:54:38 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/06 19:10:31 | 000,564,224 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2010/03/18 04:21:38 | 000,007,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
[2010/03/03 14:31:46 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\wklnhst.dat
[2010/03/01 05:28:20 | 000,001,512 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/21 09:37:39 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\DataSafeDotNet.exe
[2010/01/16 03:33:02 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010/01/04 15:25:14 | 000,101,376 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/04 18:01:53 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/04 18:01:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/04 18:01:52 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/04 18:01:52 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/04 18:01:52 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/04 18:01:52 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/12/03 19:16:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/20 02:07:19 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/20 02:07:19 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/03/28 04:35:15 | 000,196,608 | ---- | C] () -- C:\Program Files (x86)\ssleay32.dll
[2007/03/28 04:35:00 | 000,962,560 | ---- | C] () -- C:\Program Files (x86)\libeay32.dll
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Files - Unicode (All) ==========
[2010/08/20 14:24:28 | 000,000,000 | ---D | M](C:\Users\Alexander\Documents\?????) -- C:\Users\Alexander\Documents\あっぷりけ
[2010/08/20 14:24:28 | 000,000,000 | ---D | C](C:\Users\Alexander\Documents\?????) -- C:\Users\Alexander\Documents\あっぷりけ
[2010/08/20 11:01:41 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと
[2010/08/20 11:01:41 | 000,000,000 | ---D | M](C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと
[2010/08/14 23:51:13 | 000,039,814 | ---- | C] ()(C:\Users\Alexander\Documents\[100723] [BaseSon] ?????~???~ [No Activation + No DVD Patch].torrent) -- C:\Users\Alexander\Documents\[100723] [BaseSon] 真・恋姫無双~萌将伝~ [No Activation + No DVD Patch].torrent
[2010/08/14 23:51:10 | 000,039,814 | ---- | M] ()(C:\Users\Alexander\Documents\[100723] [BaseSon] ?????~???~ [No Activation + No DVD Patch].torrent) -- C:\Users\Alexander\Documents\[100723] [BaseSon] 真・恋姫無双~萌将伝~ [No Activation + No DVD Patch].torrent
[2010/06/17 04:29:38 | 013,369,344 | ---- | M] (illusion)(C:\Program Files (x86)\???~????2 ???!.exe) -- C:\Program Files (x86)\すくぅ~るメイト2 ぷらす!.exe
[2010/06/17 04:29:38 | 013,369,344 | ---- | C] (illusion)(C:\Program Files (x86)\???~????2 ???!.exe) -- C:\Program Files (x86)\すくぅ~るメイト2 ぷらす!.exe
(C:\Users\Alexander\AppData\Roaming\??????) -- C:\Users\Alexander\AppData\Roaming\じぃすぽっと

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
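A reading note on the OTL log above, followed by an added example (not part of this thread, and not OTL's own code). Three things in the log matter for triage: the O1 lines all map sites to 127.0.0.1, which is a hosts-file block list rather than a redirect (a hosts hijack would point real domains at some other address); the O6 block shows UAC switched off entirely (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0); and the O33 MountPoints2 entries and the two alternate data streams under C:\ProgramData\TEMP are leftovers worth a second look. The script below parses that line format and applies exactly those checks. The sample lines are copied from the log above, except the `10.0.0.1 www.google.com` hosts line, which is constructed to exercise the redirect check; the "expected" UAC values are an assumption (stock Windows 7 defaults), and every function name is mine.

```python
"""Triage helpers for OTL-style log lines.

Added example for this thread; not part of the original posts or of OTL.
Parses O1/O4/O6/O33 lines and '@Alternate Data Stream' lines and flags
what a malware-response volunteer looks at first.
"""
import re
from dataclasses import dataclass

# Lines copied from the posted log, plus ONE constructed line
# (10.0.0.1 www.google.com) to show what a real hosts redirect looks like.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 10.0.0.1 www.google.com
O1 - Hosts: 12797 more lines...
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

LINE_RE = re.compile(r"^(O\d+)(?::64bit:)?\s+-\s+(.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.*)$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
POLICY_RE = re.compile(r".*policies\\System:\s+(\w+)\s+=\s+(\d+)$")

# Addresses a block list uses to sink a hostname; anything else is a redirect.
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumed secure values (stock Windows 7 defaults): UAC on, admins prompted
# (0 means "elevate silently"), prompts on the secure desktop.
UAC_EXPECTED = {
    "EnableLUA": lambda v: v == 1,
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,
    "PromptOnSecureDesktop": lambda v: v == 1,
}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    kind: str
    detail: str


def parse_line(line):
    """Return (section, body) for an 'Oxx' line, ('ADS', body) for a stream line, else None."""
    m = LINE_RE.match(line)
    if m:
        return m.group(1), m.group(2)
    m = ADS_RE.match(line)
    if m:
        return "ADS", f"{m.group(2)} ({m.group(1)} bytes)"
    return None


def check_hosts(body):
    """Flag a hosts entry only if it points a name somewhere other than a sink address."""
    parts = body.split()
    # OTL's own "Hosts: 12797 more lines..." summary has no IP and is skipped here.
    if len(parts) != 3 or parts[0] != "Hosts:" or not IP_RE.match(parts[1]):
        return None
    ip, host = parts[1], parts[2]
    if ip in BLACKHOLE_IPS:
        return None  # block-list entry, not a hijack
    return Finding("high", "hosts-redirect", f"{host} -> {ip}")


def check_policy(body):
    """Flag UAC policy values under policies\\System that weaken elevation prompting."""
    m = POLICY_RE.match(body)
    if not m:
        return None
    name, value = m.group(1), int(m.group(2))
    rule = UAC_EXPECTED.get(name)
    if rule and not rule(value):
        return Finding("high", "uac-weakened", f"{name} = {value}")
    return None


def check_orphan(section, body):
    """Autostart or autorun entries whose target no longer exists: cleanup, not infection."""
    if body.endswith("File not found"):
        return Finding("low", "orphaned-autostart", f"{section}: {body}")
    return None


def triage(text):
    """Run every check over the log text and return the list of findings."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_line(raw.strip())
        if not parsed:
            continue
        section, body = parsed
        f = None
        if section == "O1":
            f = check_hosts(body)
        elif section == "O6":
            f = check_policy(body)
        elif section in ("O4", "O33"):
            f = check_orphan(section, body)
        elif section == "ADS":
            f = Finding("medium", "alternate-data-stream", body)
        if f:
            findings.append(f)
    return findings


def summarize(findings):
    """(severity, kind, detail) tuples, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return [(f.severity, f.kind, f.detail)
            for f in sorted(findings, key=lambda f: order[f.severity])]


if __name__ == "__main__":
    for sev, kind, detail in summarize(triage(SAMPLE_LOG)):
        print(f"[{sev:6}] {kind}: {detail}")
```

Run against the constructed sample, the only hosts line it reports is the one pointing at 10.0.0.1; the 127.0.0.1 line and OTL's "more lines..." summary are ignored, the three System policy lines come out as UAC findings while the Explorer policy line does not, and the "File not found" entries are rated low because an orphaned launcher cannot run anything.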




#14 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:07:41 AM

Posted 05 October 2010 - 08:43 AM

Good. Does redirecting still happen?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#15 coremediawiz

  • Topic Starter
  • Members
  • 17 posts
  • Local time:12:41 AM

Posted 05 October 2010 - 02:18 PM

After several Google searches I have not encountered a redirect as of yet.
