redirect virus


  • This topic is locked
15 replies to this topic

#1 moon606

moon606

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 15 October 2010 - 10:47 AM

I have had this for a few weeks and can't shake it.

Also, the pic of GMER is showing the only boxes it would let me check.

I've tried MBAM and many others listed in forums; nothing will find it.

Merged posts. ~ OB

Attached Files


Edited by Orange Blossom, 15 October 2010 - 03:11 PM.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:05 PM

Posted 26 October 2010 - 11:35 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 moon606

moon606
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 26 October 2010 - 05:15 PM

The machine just redirects when searching in Google or IE. It does not seem slow, and there are no other issues that I can see, just the redirect. My anti-virus (AVG) has stopped a few viruses from pages when I couldn't click the back button quickly; I try not to let the web sites load if I can help it. OTL only popped up one report but saved one to my desktop; the second one I pasted was the one saved to my desktop. Upon trying to run Rootkit Unhooker I get an error saying error loading driver NTSTATUS code: 0xc000036B and another box that says initializing, please wait a few seconds, but nothing happens.



OTL logfile created on: 10/26/2010 6:01:54 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\aaron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.35 Gb Total Space | 145.42 Gb Free Space | 50.61% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/26 17:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
PRC - [2010/10/26 17:44:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/12 20:24:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/11 02:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/08/29 19:06:16 | 000,223,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/08/20 20:26:08 | 002,705,976 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
PRC - [2008/08/14 01:00:16 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 01:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 00:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/14 00:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 20:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/18 02:10:34 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2008/06/18 02:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008/03/25 01:39:18 | 000,322,104 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
PRC - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 16:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 17:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 16:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2010/10/12 20:24:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/08/14 00:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/13 16:27:46 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2010/08/19 21:42:36 | 000,133,712 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/08 10:03:36 | 000,067,104 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/11/12 00:14:28 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/08 10:49:30 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2009/09/04 20:07:34 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/08/17 14:51:36 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/08/17 14:51:36 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/09/12 01:48:25 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/08/22 13:05:40 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/08/20 14:41:52 | 000,191,872 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV:64bit: - [2008/08/20 14:40:48 | 000,200,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV:64bit: - [2008/06/24 17:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/10 16:04:27 | 000,036,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 14:21:00 | 000,016,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/04/01 05:59:19 | 001,878,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2007/08/03 00:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 23:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/27 00:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 15:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 09:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]

IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d7f2e6be-a126-441e-9912-29d937205521}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.2.4
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbc9ee8&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/26 08:03:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 08:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/26 17:44:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/26 17:44:52 | 000,000,000 | ---D | M]

[2009/09/06 11:26:53 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Mozilla\Extensions
[2009/09/06 11:26:53 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/26 09:04:58 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions
[2009/07/16 23:23:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 17:14:58 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2009/04/18 04:18:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/06 11:06:25 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010/07/13 12:38:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}
[2009/11/13 04:25:04 | 000,000,917 | ---- | M] () -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\searchplugins\conduit.xml
[2010/08/12 09:59:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/30 10:44:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 09:59:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/09 12:14:44 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/10/13 12:55:42 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {0144DC29-EBC5-4B6E-AB03-D5BA1E255D74} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: UacDisableNotify = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 24.247.24.53 68.115.71.53
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - C:\Program Files (x86)\Stardock\MyColors\fast64.dll File not found
O24 - Desktop WallPaper: C:\Users\aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{637499ee-ac91-11dd-8a88-002354ec6746}\Shell - "" = AutoRun
O33 - MountPoints2\{637499ee-ac91-11dd-8a88-002354ec6746}\Shell\AutoRun\command - "" = D:\WIN\setup.exe -- File not found
O33 - MountPoints2\{6439746e-1084-11de-9d19-002354ec6746}\Shell - "" = AutoRun
O33 - MountPoints2\{6439746e-1084-11de-9d19-002354ec6746}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f6f26d93-7170-11de-99cc-002354ec6746}\Shell - "" = AutoRun
O33 - MountPoints2\{f6f26d93-7170-11de-99cc-002354ec6746}\Shell\AutoRun\command - "" = D:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 17:46:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
[2010/10/26 08:03:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/25 09:49:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/25 09:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/25 09:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/25 09:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/10/25 09:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/10/25 09:43:51 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Local\Windows Live
[2010/10/23 19:37:32 | 000,000,000 | ---D | C] -- C:\Users\aaron\Desktop\Liam
[2010/10/18 20:48:36 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Local\AVG Security Toolbar
[2010/10/18 15:29:04 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Roaming\AVG10
[2010/10/18 15:24:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/18 15:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/10/18 15:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/18 15:21:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/10/18 12:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/16 19:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/16 19:07:25 | 000,000,000 | ---D | C] -- C:\Users\aaron\Desktop\Downloads
[2010/10/16 19:07:06 | 000,367,208 | ---- | C] (RegNow.com) -- C:\Users\aaron\Desktop\Download_7.0.0.538f-sdsetup-regnow201.exe
[2010/10/15 20:25:55 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/15 20:19:06 | 000,000,000 | ---D | C] -- C:\Users\aaron\Desktop\tdsskiller
[2010/10/15 10:44:24 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Roaming\SafeReturner
[2010/10/15 10:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safe Returner
[2010/10/15 10:42:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 01:53:34 | 000,000,000 | ---D | C] -- C:\FyK
[2010/10/13 15:40:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/10/13 13:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/13 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/12 20:59:16 | 000,000,000 | ---D | C] -- C:\d33ee432bca4e020d83be8e8
[2010/10/12 20:24:25 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/10/12 20:24:25 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/10/12 15:57:06 | 000,000,000 | ---D | C] -- C:\Users\aaron\Documents\RegRun2
[2010/10/12 15:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2010/10/12 15:19:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010/10/06 11:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/06 11:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/06 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010/09/27 11:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/27 11:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/27 11:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/27 11:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/27 11:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 17:48:37 | 000,133,632 | ---- | M] () -- C:\Users\aaron\Desktop\RKUnhookerLE.EXE
[2010/10/26 17:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
[2010/10/26 17:44:39 | 000,133,903 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/26 16:20:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 16:20:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 11:45:07 | 000,000,000 | ---- | M] () -- C:\Users\aaron\AppData\Local\prvlcl.dat
[2010/10/26 10:28:39 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/26 10:28:39 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/26 10:28:39 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/26 10:21:12 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/10/26 10:21:10 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/10/26 10:20:49 | 000,133,903 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/26 10:20:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/26 10:20:36 | 000,310,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/26 08:04:09 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/26 08:02:38 | 097,722,618 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/23 19:34:52 | 000,066,331 | ---- | M] () -- C:\Users\aaron\Desktop\73763_1670287557195_1237558180_1803909_2948721_n.jpg
[2010/10/18 15:24:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/18 15:24:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/18 15:19:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/10/16 19:07:14 | 000,367,208 | ---- | M] (RegNow.com) -- C:\Users\aaron\Desktop\Download_7.0.0.538f-sdsetup-regnow201.exe
[2010/10/16 18:51:05 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/10/16 18:47:16 | 000,000,732 | ---- | M] () -- C:\Users\aaron\AppData\Local\d3d9caps64.dat
[2010/10/16 15:23:04 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/10/15 20:17:21 | 001,211,285 | ---- | M] () -- C:\Users\aaron\Desktop\tdsskiller.zip
[2010/10/15 11:09:09 | 000,544,768 | ---- | M] () -- C:\Users\aaron\Desktop\dds.scr
[2010/10/14 03:13:36 | 000,000,702 | ---- | M] () -- C:\FindyKill_Upload_Me_aaron-PC.zip
[2010/10/13 15:40:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/10/13 15:24:05 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/10/13 13:50:14 | 000,293,376 | ---- | M] () -- C:\Users\aaron\Desktop\gmer.exe
[2010/10/13 10:27:29 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/12 20:24:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/10/12 17:52:44 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/10/12 16:09:33 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/10/12 15:58:04 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/10/12 15:58:04 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/10/12 15:58:04 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/10/12 02:53:43 | 000,163,212 | ---- | M] () -- C:\Users\aaron\Desktop\1286864815925.jpg
[2010/10/11 17:19:14 | 000,031,789 | ---- | M] () -- C:\Users\aaron\Desktop\The_harpoons_Man_them.jpg
[2010/10/09 00:15:40 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2010/10/05 19:02:36 | 000,000,680 | ---- | M] () -- C:\Users\aaron\AppData\Local\d3d9caps.dat
[2010/10/05 19:01:57 | 000,000,312 | ---- | M] () -- C:\Users\aaron\Desktop\Curse Client.appref-ms
[2010/10/05 15:10:06 | 000,462,877 | ---- | M] () -- C:\Users\aaron\Desktop\wallpaper-334983.jpg
[2010/10/04 11:24:01 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2010/10/02 02:51:21 | 000,024,064 | ---- | M] () -- C:\Users\aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/29 14:42:20 | 000,181,535 | ---- | M] () -- C:\Users\aaron\Desktop\Jiggaboo04.jpg
[2010/09/29 11:44:54 | 000,215,106 | ---- | M] () -- C:\Users\aaron\Desktop\1285773071711.jpg
[2010/09/27 11:12:55 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/26 17:48:35 | 000,133,632 | ---- | C] () -- C:\Users\aaron\Desktop\RKUnhookerLE.EXE
[2010/10/26 08:02:38 | 097,722,618 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/23 19:34:52 | 000,066,331 | ---- | C] () -- C:\Users\aaron\Desktop\73763_1670287557195_1237558180_1803909_2948721_n.jpg
[2010/10/18 15:24:11 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/16 19:09:27 | 000,010,570 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI20D9.txt
[2010/10/16 19:09:26 | 000,362,018 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistMSI20D6.txt
[2010/10/16 19:09:26 | 000,011,174 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI20D6.txt
[2010/10/16 18:51:05 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/10/16 15:34:55 | 000,000,732 | ---- | C] () -- C:\Users\aaron\AppData\Local\d3d9caps64.dat
[2010/10/15 20:20:30 | 003,878,912 | ---- | C] () -- C:\Users\aaron\Desktop\ComFix.exe
[2010/10/15 20:17:13 | 001,211,285 | ---- | C] () -- C:\Users\aaron\Desktop\tdsskiller.zip
[2010/10/15 11:43:29 | 000,058,434 | ---- | C] () -- C:\Users\aaron\Desktop\gmer pic.jpg
[2010/10/15 11:09:00 | 000,544,768 | ---- | C] () -- C:\Users\aaron\Desktop\dds.scr
[2010/10/14 03:13:36 | 000,000,702 | ---- | C] () -- C:\FindyKill_Upload_Me_aaron-PC.zip
[2010/10/13 13:50:14 | 000,293,376 | ---- | C] () -- C:\Users\aaron\Desktop\gmer.exe
[2010/10/13 13:33:45 | 000,446,516 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistMSI357A.txt
[2010/10/13 13:33:42 | 000,012,946 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI357A.txt
[2010/10/13 12:19:16 | 000,010,650 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI7C82.txt
[2010/10/13 12:19:15 | 000,427,398 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistMSI7C7E.txt
[2010/10/13 12:19:15 | 000,011,430 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI7C7E.txt
[2010/10/12 20:21:50 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/10/12 15:58:04 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/10/12 15:58:04 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/10/12 15:58:04 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/10/12 02:53:43 | 000,163,212 | ---- | C] () -- C:\Users\aaron\Desktop\1286864815925.jpg
[2010/10/11 17:19:14 | 000,031,789 | ---- | C] () -- C:\Users\aaron\Desktop\The_harpoons_Man_them.jpg
[2010/10/06 11:11:29 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/10/05 15:10:06 | 000,462,877 | ---- | C] () -- C:\Users\aaron\Desktop\wallpaper-334983.jpg
[2010/09/29 14:42:20 | 000,181,535 | ---- | C] () -- C:\Users\aaron\Desktop\Jiggaboo04.jpg
[2010/09/29 11:44:54 | 000,215,106 | ---- | C] () -- C:\Users\aaron\Desktop\1285773071711.jpg
[2010/09/27 11:12:55 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/26 13:10:52 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/09 15:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/11/18 04:25:40 | 000,000,000 | ---- | C] () -- C:\Users\aaron\AppData\Local\prvlcl.dat
[2009/09/05 21:26:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/08/24 01:35:19 | 000,000,680 | ---- | C] () -- C:\Users\aaron\AppData\Local\d3d9caps.dat
[2009/08/03 02:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/08/01 19:52:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/01 19:51:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/21 13:09:23 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2009/03/14 22:27:18 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/03/14 22:27:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/03/14 22:27:17 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/14 22:27:17 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/03/14 22:27:16 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/03/14 22:27:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/03/14 22:21:41 | 000,024,064 | ---- | C] () -- C:\Users\aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 12:06:26 | 000,029,216 | ---- | C] () -- C:\Users\aaron\AppData\Roaming\UserTile.png
[2009/03/13 10:17:54 | 000,000,000 | ---- | C] () -- C:\Users\aaron\AppData\Roaming\wklnhst.dat
[2009/03/13 09:52:00 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/03/13 07:30:21 | 000,002,039 | ---- | C] () -- C:\Users\aaron\AppData\Roaming\install.dat
[2008/09/19 07:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/07/01 23:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 13:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/12 14:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files (x86)\Common Files\ASPG_icon.ico

========== LOP Check ==========

[2009/03/13 09:57:19 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Absolute
[2009/08/01 19:36:18 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\acccore
[2010/10/18 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\AVG10
[2009/03/15 18:41:42 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\aVinci
[2009/07/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Bytemobile
[2010/09/09 23:59:33 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\EVEMon
[2010/10/16 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\GetRightToGo
[2010/07/23 02:16:19 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\GlarySoft
[2010/07/13 12:41:44 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\LimeWire
[2009/03/13 12:06:26 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\PeerNetworking
[2009/09/27 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\ProfitUI Reborn Updater
[2009/07/24 13:00:31 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Research In Motion
[2010/10/15 10:49:34 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\SafeReturner
[2009/07/15 16:47:53 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Sierra Wireless
[2009/07/21 12:58:01 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Stardock
[2009/12/16 15:15:23 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\SystemRequirementsLab
[2009/03/15 00:09:21 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Template
[2009/09/17 23:29:42 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\uTorrent
[2009/07/15 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Bytemobile
[2009/07/15 18:03:31 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Sierra Wireless
[2010/10/26 10:18:49 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >


OTL logfile created on: 10/26/2010 6:01:54 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\aaron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.35 Gb Total Space | 145.42 Gb Free Space | 50.61% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/26 17:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
PRC - [2010/10/26 17:44:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/12 20:24:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/11 02:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/08/29 19:06:16 | 000,223,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/08/20 20:26:08 | 002,705,976 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
PRC - [2008/08/14 01:00:16 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 01:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 00:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/14 00:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 20:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/06/18 02:10:34 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2008/06/18 02:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008/03/25 01:39:18 | 000,322,104 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
PRC - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 16:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 17:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV:64bit: - [2007/08/03 16:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2010/10/12 20:24:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/08/14 00:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/13 16:27:46 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:58 | 000,381,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2010/08/19 21:42:36 | 000,133,712 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/08 10:03:36 | 000,067,104 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/11/12 00:14:28 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/08 10:49:30 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2009/09/04 20:07:34 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/08/17 14:51:36 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/08/17 14:51:36 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/09/12 01:48:25 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/08/22 13:05:40 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/08/20 14:41:52 | 000,191,872 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV:64bit: - [2008/08/20 14:40:48 | 000,200,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV:64bit: - [2008/06/24 17:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/10 16:04:27 | 000,036,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/05/29 14:21:00 | 000,016,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)
DRV:64bit: - [2008/04/01 05:59:19 | 001,878,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2007/08/03 00:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV:64bit: - [2007/07/27 23:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/27 00:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 15:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/27 09:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]

IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 29 DC 44 01 C5 EB 6E 4B AB 03 D5 BA 1E 25 5D 74 [binary data]
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d7f2e6be-a126-441e-9912-29d937205521}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.2.4
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbc9ee8&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/26 08:03:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 08:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/26 17:44:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/26 17:44:52 | 000,000,000 | ---D | M]

[2009/09/06 11:26:53 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Mozilla\Extensions
[2009/09/06 11:26:53 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/26 09:04:58 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions
[2009/07/16 23:23:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 17:14:58 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2009/04/18 04:18:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/06 11:06:25 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010/07/13 12:38:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}
[2009/11/13 04:25:04 | 000,000,917 | ---- | M] () -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\searchplugins\conduit.xml
[2010/08/12 09:59:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/30 10:44:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 09:59:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/09 12:14:44 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/10/13 12:55:42 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {0144DC29-EBC5-4B6E-AB03-D5BA1E255D74} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-4029989407-578229857-2172964697-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: UacDisableNotify = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 24.247.24.53 68.115.71.53
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - C:\Program Files (x86)\Stardock\MyColors\fast64.dll File not found
O24 - Desktop WallPaper: C:\Users\aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{637499ee-ac91-11dd-8a88-002354ec6746}\Shell - "" = AutoRun
O33 - MountPoints2\{637499ee-ac91-11dd-8a88-002354ec6746}\Shell\AutoRun\command - "" = D:\WIN\setup.exe -- File not found
O33 - MountPoints2\{6439746e-1084-11de-9d19-002354ec6746}\Shell - "" = AutoRun
O33 - MountPoints2\{6439746e-1084-11de-9d19-002354ec6746}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f6f26d93-7170-11de-99cc-002354ec6746}\Shell - "" = AutoRun
O33 - MountPoints2\{f6f26d93-7170-11de-99cc-002354ec6746}\Shell\AutoRun\command - "" = D:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 17:46:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
[2010/10/26 08:03:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/25 09:49:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/25 09:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/25 09:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/25 09:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/10/25 09:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/10/25 09:43:51 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Local\Windows Live
[2010/10/23 19:37:32 | 000,000,000 | ---D | C] -- C:\Users\aaron\Desktop\Liam
[2010/10/18 20:48:36 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Local\AVG Security Toolbar
[2010/10/18 15:29:04 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Roaming\AVG10
[2010/10/18 15:24:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/18 15:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/10/18 15:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/18 15:21:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/10/18 12:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/16 19:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/16 19:07:25 | 000,000,000 | ---D | C] -- C:\Users\aaron\Desktop\Downloads
[2010/10/16 19:07:06 | 000,367,208 | ---- | C] (RegNow.com) -- C:\Users\aaron\Desktop\Download_7.0.0.538f-sdsetup-regnow201.exe
[2010/10/15 20:25:55 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/15 20:19:06 | 000,000,000 | ---D | C] -- C:\Users\aaron\Desktop\tdsskiller
[2010/10/15 10:44:24 | 000,000,000 | ---D | C] -- C:\Users\aaron\AppData\Roaming\SafeReturner
[2010/10/15 10:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safe Returner
[2010/10/15 10:42:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 01:53:34 | 000,000,000 | ---D | C] -- C:\FyK
[2010/10/13 15:40:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/10/13 13:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/13 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/12 20:59:16 | 000,000,000 | ---D | C] -- C:\d33ee432bca4e020d83be8e8
[2010/10/12 20:24:25 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/10/12 20:24:25 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/10/12 15:57:06 | 000,000,000 | ---D | C] -- C:\Users\aaron\Documents\RegRun2
[2010/10/12 15:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2010/10/12 15:19:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010/10/06 11:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/06 11:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/06 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010/09/27 11:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/27 11:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/27 11:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/27 11:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/27 11:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 17:48:37 | 000,133,632 | ---- | M] () -- C:\Users\aaron\Desktop\RKUnhookerLE.EXE
[2010/10/26 17:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\aaron\Desktop\OTL.exe
[2010/10/26 17:44:39 | 000,133,903 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/26 16:20:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 16:20:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 11:45:07 | 000,000,000 | ---- | M] () -- C:\Users\aaron\AppData\Local\prvlcl.dat
[2010/10/26 10:28:39 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/26 10:28:39 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/26 10:28:39 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/26 10:21:12 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/10/26 10:21:10 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/10/26 10:20:49 | 000,133,903 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/26 10:20:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/26 10:20:36 | 000,310,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/26 08:04:09 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/26 08:02:38 | 097,722,618 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/23 19:34:52 | 000,066,331 | ---- | M] () -- C:\Users\aaron\Desktop\73763_1670287557195_1237558180_1803909_2948721_n.jpg
[2010/10/18 15:24:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/18 15:24:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/18 15:19:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/10/16 19:07:14 | 000,367,208 | ---- | M] (RegNow.com) -- C:\Users\aaron\Desktop\Download_7.0.0.538f-sdsetup-regnow201.exe
[2010/10/16 18:51:05 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/10/16 18:47:16 | 000,000,732 | ---- | M] () -- C:\Users\aaron\AppData\Local\d3d9caps64.dat
[2010/10/16 15:23:04 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/10/15 20:17:21 | 001,211,285 | ---- | M] () -- C:\Users\aaron\Desktop\tdsskiller.zip
[2010/10/15 11:09:09 | 000,544,768 | ---- | M] () -- C:\Users\aaron\Desktop\dds.scr
[2010/10/14 03:13:36 | 000,000,702 | ---- | M] () -- C:\FindyKill_Upload_Me_aaron-PC.zip
[2010/10/13 15:40:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010/10/13 15:24:05 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/10/13 13:50:14 | 000,293,376 | ---- | M] () -- C:\Users\aaron\Desktop\gmer.exe
[2010/10/13 10:27:29 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/12 20:24:02 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/10/12 17:52:44 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/10/12 16:09:33 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/10/12 15:58:04 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/10/12 15:58:04 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/10/12 15:58:04 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/10/12 02:53:43 | 000,163,212 | ---- | M] () -- C:\Users\aaron\Desktop\1286864815925.jpg
[2010/10/11 17:19:14 | 000,031,789 | ---- | M] () -- C:\Users\aaron\Desktop\The_harpoons_Man_them.jpg
[2010/10/09 00:15:40 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2010/10/05 19:02:36 | 000,000,680 | ---- | M] () -- C:\Users\aaron\AppData\Local\d3d9caps.dat
[2010/10/05 19:01:57 | 000,000,312 | ---- | M] () -- C:\Users\aaron\Desktop\Curse Client.appref-ms
[2010/10/05 15:10:06 | 000,462,877 | ---- | M] () -- C:\Users\aaron\Desktop\wallpaper-334983.jpg
[2010/10/04 11:24:01 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2010/10/02 02:51:21 | 000,024,064 | ---- | M] () -- C:\Users\aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/29 14:42:20 | 000,181,535 | ---- | M] () -- C:\Users\aaron\Desktop\Jiggaboo04.jpg
[2010/09/29 11:44:54 | 000,215,106 | ---- | M] () -- C:\Users\aaron\Desktop\1285773071711.jpg
[2010/09/27 11:12:55 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/26 17:48:35 | 000,133,632 | ---- | C] () -- C:\Users\aaron\Desktop\RKUnhookerLE.EXE
[2010/10/26 08:02:38 | 097,722,618 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/23 19:34:52 | 000,066,331 | ---- | C] () -- C:\Users\aaron\Desktop\73763_1670287557195_1237558180_1803909_2948721_n.jpg
[2010/10/18 15:24:11 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/16 19:09:27 | 000,010,570 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI20D9.txt
[2010/10/16 19:09:26 | 000,362,018 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistMSI20D6.txt
[2010/10/16 19:09:26 | 000,011,174 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI20D6.txt
[2010/10/16 18:51:05 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/10/16 15:34:55 | 000,000,732 | ---- | C] () -- C:\Users\aaron\AppData\Local\d3d9caps64.dat
[2010/10/15 20:20:30 | 003,878,912 | ---- | C] () -- C:\Users\aaron\Desktop\ComFix.exe
[2010/10/15 20:17:13 | 001,211,285 | ---- | C] () -- C:\Users\aaron\Desktop\tdsskiller.zip
[2010/10/15 11:43:29 | 000,058,434 | ---- | C] () -- C:\Users\aaron\Desktop\gmer pic.jpg
[2010/10/15 11:09:00 | 000,544,768 | ---- | C] () -- C:\Users\aaron\Desktop\dds.scr
[2010/10/14 03:13:36 | 000,000,702 | ---- | C] () -- C:\FindyKill_Upload_Me_aaron-PC.zip
[2010/10/13 13:50:14 | 000,293,376 | ---- | C] () -- C:\Users\aaron\Desktop\gmer.exe
[2010/10/13 13:33:45 | 000,446,516 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistMSI357A.txt
[2010/10/13 13:33:42 | 000,012,946 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI357A.txt
[2010/10/13 12:19:16 | 000,010,650 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI7C82.txt
[2010/10/13 12:19:15 | 000,427,398 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistMSI7C7E.txt
[2010/10/13 12:19:15 | 000,011,430 | ---- | C] () -- C:\Users\aaron\AppData\Local\dd_vcredistUI7C7E.txt
[2010/10/12 20:21:50 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/10/12 15:58:04 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/10/12 15:58:04 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/10/12 15:58:04 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/10/12 02:53:43 | 000,163,212 | ---- | C] () -- C:\Users\aaron\Desktop\1286864815925.jpg
[2010/10/11 17:19:14 | 000,031,789 | ---- | C] () -- C:\Users\aaron\Desktop\The_harpoons_Man_them.jpg
[2010/10/06 11:11:29 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/10/05 15:10:06 | 000,462,877 | ---- | C] () -- C:\Users\aaron\Desktop\wallpaper-334983.jpg
[2010/09/29 14:42:20 | 000,181,535 | ---- | C] () -- C:\Users\aaron\Desktop\Jiggaboo04.jpg
[2010/09/29 11:44:54 | 000,215,106 | ---- | C] () -- C:\Users\aaron\Desktop\1285773071711.jpg
[2010/09/27 11:12:55 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/26 13:10:52 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/09 15:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/11/18 04:25:40 | 000,000,000 | ---- | C] () -- C:\Users\aaron\AppData\Local\prvlcl.dat
[2009/09/05 21:26:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/08/24 01:35:19 | 000,000,680 | ---- | C] () -- C:\Users\aaron\AppData\Local\d3d9caps.dat
[2009/08/03 02:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/08/01 19:52:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/01 19:51:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/21 13:09:23 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2009/03/14 22:27:18 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/03/14 22:27:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/03/14 22:27:17 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/03/14 22:27:17 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/03/14 22:27:16 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/03/14 22:27:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/03/14 22:21:41 | 000,024,064 | ---- | C] () -- C:\Users\aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 12:06:26 | 000,029,216 | ---- | C] () -- C:\Users\aaron\AppData\Roaming\UserTile.png
[2009/03/13 10:17:54 | 000,000,000 | ---- | C] () -- C:\Users\aaron\AppData\Roaming\wklnhst.dat
[2009/03/13 09:52:00 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/03/13 07:30:21 | 000,002,039 | ---- | C] () -- C:\Users\aaron\AppData\Roaming\install.dat
[2008/09/19 07:41:00 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008/07/01 23:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 13:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/12 14:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files (x86)\Common Files\ASPG_icon.ico

========== LOP Check ==========

[2009/03/13 09:57:19 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Absolute
[2009/08/01 19:36:18 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\acccore
[2010/10/18 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\AVG10
[2009/03/15 18:41:42 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\aVinci
[2009/07/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Bytemobile
[2010/09/09 23:59:33 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\EVEMon
[2010/10/16 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\GetRightToGo
[2010/07/23 02:16:19 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\GlarySoft
[2010/07/13 12:41:44 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\LimeWire
[2009/03/13 12:06:26 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\PeerNetworking
[2009/09/27 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\ProfitUI Reborn Updater
[2009/07/24 13:00:31 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Research In Motion
[2010/10/15 10:49:34 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\SafeReturner
[2009/07/15 16:47:53 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Sierra Wireless
[2009/07/21 12:58:01 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Stardock
[2009/12/16 15:15:23 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\SystemRequirementsLab
[2009/03/15 00:09:21 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\Template
[2009/09/17 23:29:42 | 000,000,000 | ---D | M] -- C:\Users\aaron\AppData\Roaming\uTorrent
[2009/07/15 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Bytemobile
[2009/07/15 18:03:31 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Sierra Wireless
[2010/10/26 10:18:49 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

#4 Elise
Malware Study Hall Admin, 60,816 posts, Location: Romania

Posted 27 October 2010 - 01:28 AM

Hi, you posted otl.txt twice. Please also post extra.txt :)

You have a Firefox add-on that causes redirects. The following script ought to fix that. Please let me know how things are afterwards.

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    FF - prefs.js..extensions.enabledItems: {d7f2e6be-a126-441e-9912-29d937205521}:1.0
    [2010/07/13 12:38:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}
    
    :commands
    [emptytemp]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
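
The fix above rests on two observations from the OTL log: the Firefox 3.x pref extensions.enabledItems lists every enabled add-on as a comma-separated "id:version" string, and an add-on identified only by a GUID with no recognisable name, installed on the same day the redirects began, is the prime suspect. The following script is an added example, not code from the thread, from OTL or from BleepingComputer. It parses that pref out of a prefs.js, flags any ID not on an analyst-supplied allowlist, and writes an OTL fix stanza whose prefs line uses the exact format shown in the log above. The sample prefs.js is constructed for the example; the profile path and the suspect GUID are the ones from the log; the allowlist (here only the well-known default-theme ID) and the use of OTL's :files section for the folder path are assumptions the reader should adjust to their own case.

```python
"""Triage Firefox 3.x extensions.enabledItems entries and emit an OTL fix stanza.

Added example (not from the thread, OTL or BleepingComputer). Sample data is
constructed; the allowlist and the :files directive are assumptions.
"""
import re

# Firefox 3.x stores enabled add-ons as one string: "id:version,id:version,..."
ENABLED_ITEMS_RE = re.compile(
    r'user_pref\("extensions\.enabledItems",\s*"(?P<value>[^"]*)"\);'
)

# Well-known legitimate ID: the default Firefox theme. Anything else has to be
# vouched for by the analyst, so the allowlist is an input rather than a built-in.
DEFAULT_THEME_ID = "{972ce4c6-7e08-4474-a285-3208198ce6fd}"


def parse_enabled_items(prefs_text):
    """Return [(extension_id, version), ...] from the enabledItems pref, or []."""
    match = ENABLED_ITEMS_RE.search(prefs_text)
    if not match:
        return []
    items = []
    for entry in match.group("value").split(","):
        entry = entry.strip()
        if not entry:
            continue
        # Split on the last colon: IDs are "{GUID}" or "name@domain" (no colon),
        # so everything after the final colon is the version string.
        ext_id, _, version = entry.rpartition(":")
        items.append((ext_id, version))
    return items


def find_suspects(items, allowlist):
    """Keep entries whose ID is not in the allowlist (IDs compare case-insensitively)."""
    allowed = {ext_id.lower() for ext_id in allowlist}
    return [(i, v) for i, v in items if i.lower() not in allowed]


def otl_fix_script(suspects, profile_dir):
    """Build an OTL fix: prefs lines in the log's own format, the extension
    folders under :files (assumed OTL directive for paths), then [emptytemp]."""
    lines = [":otl"]
    for ext_id, version in suspects:
        lines.append(f"FF - prefs.js..extensions.enabledItems: {ext_id}:{version}")
    lines.append("")
    lines.append(":files")
    for ext_id, _ in suspects:
        lines.append(f"{profile_dir}\\extensions\\{ext_id}")
    lines.append("")
    lines.append(":commands")
    lines.append("[emptytemp]")
    return "\n".join(lines)


# Constructed sample prefs.js: the default theme plus the GUID seen in the log.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.enabledItems", "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10,{d7f2e6be-a126-441e-9912-29d937205521}:1.0");
user_pref("extensions.lastAppVersion", "3.6.10");
'''
SAMPLE_PROFILE = r"C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default"


def triage_sample():
    """Run the whole pipeline on the constructed sample and return the fix text."""
    items = parse_enabled_items(SAMPLE_PREFS)
    suspects = find_suspects(items, allowlist=[DEFAULT_THEME_ID])
    return otl_fix_script(suspects, SAMPLE_PROFILE)


if __name__ == "__main__":
    print(triage_sample())
```

Point the script at a real profile's prefs.js and extend the allowlist with the IDs of add-ons you have verified (by reading their install.rdf, not by trusting the folder name); anything left over is what to research before it goes into a fix.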


#5 moon606 (Topic Starter)
Members, 12 posts

Posted 27 October 2010 - 07:00 AM

It only gave me the one txt. I stated that in my last post. I'll try the fix.

#6 Elise
Malware Study Hall Admin, 60,816 posts, Location: Romania

Posted 27 October 2010 - 07:03 AM

Okay, please post me the results.

Then rerun OTL, click the NONE button, then change the value under Extra Registry to "Use safelist". Click Run Scan and post the created extra.txt.

regards, Elise


#7 moon606 (Topic Starter)
Members, 12 posts

Posted 27 October 2010 - 07:10 AM

Here is the log from the fix. Running OTL again:


All processes killed
========== OTL ==========
Prefs.js: {d7f2e6be-a126-441e-9912-29d937205521}:1.0 removed from extensions.enabledItems
C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}\defaults\preferences folder moved successfully.
C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}\defaults folder moved successfully.
C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}\chrome folder moved successfully.
C:\Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: aaron
->Temp folder emptied: 54556471 bytes
->Temporary Internet Files folder emptied: 3883445 bytes
->Java cache emptied: 61599943 bytes
->FireFox cache emptied: 105433840 bytes
->Flash cache emptied: 8478 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 15401956 bytes
->Temporary Internet Files folder emptied: 69697098 bytes
->Java cache emptied: 37870532 bytes
->FireFox cache emptied: 38633637 bytes
->Flash cache emptied: 3046 bytes

User: Public

%systemdrive% .tmp files removed: 419751 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4565475 bytes

Total Files Cleaned = 374.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10272010_080209

Files\Folders moved on Reboot...
File\Folder C:\Users\aaron\AppData\Local\Temp\1.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\12509.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\2.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\338669_ec9a7161.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\343390_35e70856.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\Look at that visor!!!.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\Me!! .JPG not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\Me!! 12.14.09 .JPG not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\ME!!!!.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\Mee!! 12.06.09.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\Mee!!02.16.10.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\Mee!!03.09.10.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\Meee!!!.JPG not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\My Titties.jpg not found!
File\Folder C:\Users\aaron\AppData\Local\Temp\pic8.jpg not found!
C:\Users\aaron\AppData\Local\Temp\ppcrlui_4420_2 moved successfully.
C:\Users\aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJ5I333O\addons-tracker-v4[1].htm moved successfully.

Registry entries deleted on Reboot...

#8 moon606 (Topic Starter)
Members, 12 posts

Posted 27 October 2010 - 07:21 AM

OK, it's still only popping up with an OTL.txt and no Extra.txt. I pasted the results below. Also, I tried searching some of the stuff that gave me redirects before and it isn't redirecting now; I will try some more to make sure.



OTL logfile created on: 10/27/2010 8:17:06 AM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\aaron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.35 Gb Total Space | 147.85 Gb Free Space | 51.45% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >

#9 Elise
Malware Study Hall Admin, 60,816 posts, Location: Romania

Posted 27 October 2010 - 07:24 AM

How are things running now?

Please post also extra.txt (see my last post).

regards, Elise


#10 moon606 (Topic Starter)
Members, 12 posts

Posted 27 October 2010 - 07:25 AM

My bad, it did give me the Extra. Here it is:

OTL Extras logfile created on: 10/27/2010 8:14:18 AM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\aaron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.35 Gb Total Space | 147.85 Gb Free Space | 51.45% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A7 37 D1 A9 6D 1F CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FB3FBE-2060-4E36-AE27-F146DEAD0A45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{18CAA6CF-7357-441E-A179-2CBA4D0BE229}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{233CDE4D-D86F-4A61-9DE8-6CEEA426A6E1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{41B1F543-6C0E-49D5-B6E7-10469E8AEC3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{45EF105D-51D4-48E2-A4F3-BAD2CBDF0A00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46996BFE-4C21-48D4-825C-7BE221F5D8E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7293FAAB-3717-492A-B88E-32FF03537490}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AA99E3F9-D27C-481D-8F7A-26747F046C84}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C011AA5A-275D-47EB-8C36-2244E524574E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C22266A0-7298-4767-8D53-127EEB7C1410}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{C2AC0A48-C1E0-4126-ABF4-B22B3128E45F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9A749DE-34F8-494F-BA5F-A01A9C11ABAF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DCDA2E61-ACB5-47A1-93C6-951A2B019D15}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E43EFE2D-8726-4C46-B39E-0560FE714B7E}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065A6374-AC8E-4F1B-8FC2-FB107E93EEFB}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{09547C80-DB49-4ECE-BC60-ECDB4B287941}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0D0557CA-C9C7-4977-86D5-7C6DCC5F91A2}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1D012D59-9DAA-412A-85A2-5FD510E0F3F1}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{242E8699-86B3-4113-B4DB-92701A8FF7ED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2805A55A-D6E8-47C8-AB18-E4B96C15E365}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2986AA63-AFC4-4843-9730-60DEDB7E07AD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{38011CA0-A052-4591-B5E1-110214A94250}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{38706221-6EEB-4D8E-A289-E667491F4E8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{398F19EB-6F6B-42AA-85D9-7E02303C0DA8}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{3E3A505A-D6E2-473D-8363-7A7B4FD3A36B}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{4142A4DE-7061-48E1-8944-686431FF1C49}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{42979ADF-1C9A-4502-B018-719D7102086A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{42E46828-19B5-4911-B222-C380875A690F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{456452D2-B658-47F2-9D6B-9E08A398CBEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4E30B4F8-BD63-4EE2-A9A3-5FDE212EFD52}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{500037F2-8E45-4643-8740-BE74A3E84403}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5597E8F0-F52D-49CC-A35F-5710981280DB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{62D8C292-33C7-4784-A700-E830A2698F83}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{63ACBF74-986B-46AD-8B8C-D42B53C9F626}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{65ACFB82-050A-41D9-8097-E1E7C0711B99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{6640E1B6-938B-46A2-B156-BCBD543C54E4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{67B1098C-B931-4529-815C-3B4BECBA0E20}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6A3F7ED3-7B29-41C4-9A6B-A3991E4D2986}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{6C9094CA-3C55-4704-89EC-CA568B68D8C0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{71CB5310-0AF1-4018-8291-046390436626}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{7785A3F5-F7E2-4D2D-9138-71E1322A7555}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |
"{78C9FC06-995A-45EC-A967-98956CEF0FC6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{8AF4BF5A-5380-4DF5-8040-5B7E2BA1BF51}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{8F7B807B-54F4-4564-97AB-02D14192C283}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |
"{9B211BD1-2C45-4E53-8CF5-CF81F9BB0787}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9BE4E8F5-7F39-43C2-A70F-F90C3FCFF5D8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9C6D4F74-3DDD-4C26-8BCB-39A5B16A227A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{9E403DC5-3AE7-4004-BA6E-60AEB9BEE650}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{A05DC696-9DCC-466B-8B1B-7078AE189A5D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{A3787927-FE5C-4646-828A-3149F301DE7B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{ACA10D13-66D7-4ED6-9B10-2098A6AEF29E}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{B1133284-206C-4114-A187-AE30F890C1B4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |
"{B92BFD32-3E4E-4098-A9A8-049E68674157}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{BC06C6D3-FD99-4785-A93D-4BD45FD7784A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{C382D6F6-39B6-406A-8EB8-1D3E1196431F}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |
"{C4AC02AF-ED79-4D68-B494-B22B4272AD8D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{C77911AB-521F-4296-9B34-E2D60EC76837}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{C8CBFE82-EAAB-4E37-A63F-1BADC5C892E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C8D6745D-27AA-4FEA-8169-B6852E1FAFAD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{D6642F81-F785-4090-BA01-E4206D594176}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{D6A5D55C-2E97-4C5C-AC98-645C2241D55D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DDC4CF1A-72F8-4D00-99F1-81096AE89461}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{E2DB5304-EBC8-4F6C-923F-BC8EBAAA64CD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{EB874AAA-4C95-4B42-8213-F783429A7DE8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{EF9A612B-C571-47A0-98A6-080DB37EA21F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F3E0D3A7-A70B-4073-A15D-62447178D4EE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{FE3DD36C-B945-4F60-9E86-5F9D34E130F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{0E603283-B25D-400B-BCA2-984472DEC5D1}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{24BF7A0E-2E6E-4233-BCE6-B53A23DB3226}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{26C6559F-420E-4DE6-922B-A81375F011F7}C:\program files (x86)\star vault\mortal online\mortalonline\unrealengine3\binaries\win32\nowgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\star vault\mortal online\mortalonline\unrealengine3\binaries\win32\nowgame.exe |
"TCP Query User{4E6660E5-5535-4347-81C3-EDB5B229B2B4}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{7E625592-560F-4547-B923-28373AB646FB}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{A9C4F9E3-DFE3-432C-90DD-53B2BC160B87}C:\users\aaron\appdata\locallow\sony online entertainment\station launcher\main\vivoxvoiceservice.exe" = protocol=6 | dir=in | app=c:\users\aaron\appdata\locallow\sony online entertainment\station launcher\main\vivoxvoiceservice.exe |
"TCP Query User{B7CB9027-074D-4EC8-B053-B161F619CCD5}C:\program files (x86)\sony online entertainment\station launcher\main\vivoxvoiceservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony online entertainment\station launcher\main\vivoxvoiceservice.exe |
"TCP Query User{B829954A-D357-4233-AD8E-1D7D6B2E6C19}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{F8798D04-5358-47F5-8AEB-20BA99369D58}C:\program files (x86)\star vault\mortal online\mortal online launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\star vault\mortal online\mortal online launcher.exe |
"TCP Query User{F8B7046B-84F8-496A-8258-449AD5DCEE4E}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{FECAACF1-29A8-4DB6-B1F0-C9218DCCEF91}C:\program files (x86)\sony\everquest ii\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\everquest ii\launchpad.exe |
"UDP Query User{2FD57556-4553-4043-BED3-463C27074EA5}C:\program files (x86)\star vault\mortal online\mortalonline\unrealengine3\binaries\win32\nowgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\star vault\mortal online\mortalonline\unrealengine3\binaries\win32\nowgame.exe |
"UDP Query User{6F922D6A-0479-4456-AB73-30B2088EA440}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{7D0E9C8F-0932-4878-808E-E14475B8DEB2}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{884F1A96-18EE-4C37-B958-140745E869A4}C:\program files (x86)\sony online entertainment\station launcher\main\vivoxvoiceservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony online entertainment\station launcher\main\vivoxvoiceservice.exe |
"UDP Query User{967D2032-5416-46F1-8B9C-9F36AC5F0FF7}C:\program files (x86)\star vault\mortal online\mortal online launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\star vault\mortal online\mortal online launcher.exe |
"UDP Query User{9841EDE5-B809-460F-989A-4DA7B0A68487}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{CE235D17-72B8-410C-94F5-48DF08BDF719}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{E080B498-F636-42C3-87FF-D3447F5A9CAA}C:\users\aaron\appdata\locallow\sony online entertainment\station launcher\main\vivoxvoiceservice.exe" = protocol=17 | dir=in | app=c:\users\aaron\appdata\locallow\sony online entertainment\station launcher\main\vivoxvoiceservice.exe |
"UDP Query User{EC3CC778-EC80-4324-A747-14F53E92B3F4}C:\program files (x86)\sony\everquest ii\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\everquest ii\launchpad.exe |
"UDP Query User{ED547F45-A145-46F3-8DD5-9AAB2585D46D}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F8398F74-9206-4D8A-BA65-64A871CB50F8}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08BE46F7-166A-4716-8603-75518EA54B3F}" = Driver Installer
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41B29F37-71AA-41A4-BD15-8C8B7102A092}" = Microsoft IntelliType Pro 6.3
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5BF8A577-B334-49BE-A7B2-349C1F1B0C58}" = AVG 2011
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{778C8673-1A90-45DD-91E8-33FD0202E9E2}" = AVG 2011
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}" = MobileMe Control Panel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E616A5EE-B7F4-4807-800B-79EB4EB2182B}" = Direct Console 2.0
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AVCPhotoStudio_Wrapper" = myPhotoMovie (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
"LimeWire" = LimeWire PRO 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Network MagicUninstall" = Network Magic
"ObjectDock" = ObjectDock
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"Picasa 3" = Picasa 3
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2010 12:47:55 PM | Computer Name = aaron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/18/2010 12:57:34 PM | Computer Name = aaron-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2010 3:20:11 PM | Computer Name = aaron-PC | Source = Perflib | ID = 1008
Description =

Error - 10/18/2010 3:20:31 PM | Computer Name = aaron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 10/18/2010 4:21:27 PM | Computer Name = aaron-PC | Source = Perflib | ID = 1008
Description =

Error - 10/18/2010 4:21:27 PM | Computer Name = aaron-PC | Source = Perflib | ID = 1008
Description =

Error - 10/18/2010 4:21:27 PM | Computer Name = aaron-PC | Source = Perflib | ID = 1010
Description =

Error - 10/18/2010 4:21:27 PM | Computer Name = aaron-PC | Source = Perflib | ID = 1008
Description =

Error - 10/18/2010 4:21:27 PM | Computer Name = aaron-PC | Source = Perflib | ID = 1008
Description =

Error - 10/18/2010 4:21:28 PM | Computer Name = aaron-PC | Source = Perflib | ID = 1008
Description =

[ System Events ]
Error - 10/26/2010 6:09:33 PM | Computer Name = aaron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/26/2010 6:09:40 PM | Computer Name = aaron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/26/2010 6:10:29 PM | Computer Name = aaron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/26/2010 6:14:16 PM | Computer Name = aaron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/26/2010 6:14:20 PM | Computer Name = aaron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/26/2010 6:14:26 PM | Computer Name = aaron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/26/2010 6:15:09 PM | Computer Name = aaron-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/27/2010 5:18:39 AM | Computer Name = aaron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/27/2010 8:02:09 AM | Computer Name = aaron-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/27/2010 8:07:36 AM | Computer Name = aaron-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#11 moon606

moon606
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 27 October 2010 - 08:09 AM

Everything seems to be good now, thank you for your help. If you see anything in the last logs I posted, or if you think I need to take additional steps, let me know, and if I encounter anything I'll reply again... I'm still following this topic :thumbup2: :clapping:

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:05 PM

Posted 27 October 2010 - 09:39 AM

Hi, let's do some last steps to make sure everything is okay.


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
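The log review Elise does by hand above (spotting the out-of-date Java build and the uTorrent entry in the OTL uninstall list) can be scripted. The following is an added example, not part of the thread or of OTL: it parses the uninstall-list format shown in the log, flags Java entries older than a given update (6u22 per the post above, an assumption) and flags file-sharing clients from an assumed name list.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt in the OTL "Uninstall List" format from the log above
# (a handful of entries copied from the page; not the complete list).
SAMPLE_LOG = r"""
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"LimeWire" = LimeWire PRO 5.2.13
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"""

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
HIVE_RE = re.compile(r"^\[(?P<hive>HKEY_[^\]]+)\]$")
JAVA_RE = re.compile(r"Java\D*?(?P<major>\d+)\s+Update\s+(?P<update>\d+)", re.IGNORECASE)

# Key/display-name fragments of file-sharing clients: the two named in the
# thread plus a few other well-known ones (assumed list, not from OTL).
P2P_MARKERS = ("utorrent", "limewire", "bittorrent", "frostwire", "emule", "kazaa")


@dataclass
class UninstallEntry:
    hive: str   # registry key the entry was listed under
    key: str    # value name (product GUID or short product key)
    name: str   # display name as OTL printed it


def parse_uninstall_list(text: str) -> List[UninstallEntry]:
    """Parse OTL's uninstall sections into entries, tracking the current hive."""
    entries, hive = [], ""
    for line in text.splitlines():
        line = line.strip()
        if (m := HIVE_RE.match(line)):
            hive = m.group("hive")
            continue
        if (m := ENTRY_RE.match(line)):
            entries.append(UninstallEntry(hive, m.group("key"), m.group("name")))
    return entries


def java_versions(entries: List[UninstallEntry]) -> List[Tuple[int, int, str]]:
    """(major, update, display name) for every JRE/JDK entry in the list."""
    found = []
    for e in entries:
        m = JAVA_RE.search(e.name)
        if m:
            found.append((int(m.group("major")), int(m.group("update")), e.name))
    return found


def outdated_java(entries: List[UninstallEntry], latest: Tuple[int, int]) -> List[str]:
    """Display names of Java entries older than `latest`, e.g. (6, 22)."""
    return [name for major, update, name in java_versions(entries) if (major, update) < latest]


def p2p_clients(entries: List[UninstallEntry]) -> List[str]:
    """Display names of entries whose key or name matches a known P2P client."""
    return [e.name for e in entries
            if any(mk in (e.key + " " + e.name).casefold() for mk in P2P_MARKERS)]


if __name__ == "__main__":
    found = parse_uninstall_list(SAMPLE_LOG)
    print("outdated Java:", outdated_java(found, (6, 22)))
    print("P2P clients:", p2p_clients(found))
```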


#13 moon606

moon606
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 28 October 2010 - 06:44 AM

Yeah, I know the risks with uTorrent; I have not used it in over a year. I know I got this from a web site, just not sure which one... <_<

I ran ESET; it found 2 items:

C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9ekx30tf.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}\chrome\xulcache.jar JS/Agent.NCP trojan deleted - quarantined
C:\_OTL\MovedFiles\10272010_080209\C_Users\aaron\AppData\Roaming\Mozilla\Firefox\Profiles\koznnoem.default\extensions\{d7f2e6be-a126-441e-9912-29d937205521}\chrome\xulcache.jar JS/Agent.NCP trojan deleted - quarantined

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:05 PM

Posted 28 October 2010 - 07:14 AM

Just some leftovers were found :)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
  • Please rerun OTL and click the cleanup button. Allow a reboot. This will remove all logs and tools we used.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise



#15 moon606

moon606
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 29 October 2010 - 07:08 AM

ty very much for your help :clapping: :thumbup2:



