
rootkit?/malware blocking my internet access


  • This topic is locked
2 replies to this topic

#1 Sjcolian27


Posted 07 December 2010 - 01:21 AM

I somehow contracted a virus which blocks my internet access. First it started with assigning random proxies to Mozilla, which I would remedy by disabling the proxy connection. Thus, my internet is working, albeit sluggishly. However, whatever I have contracted is blocking internet access to any program which tries to access the internet. This includes WoW, any AV or antispyware which tries to update, and Curse Client (a trusted program which downloads addons for WoW). Additionally, on startup, my computer will boot with no explorer.exe running (I just get a black screen); explorer will come up if I run it through the Task Manager or wait about 5 mins. Prior to making this post I have run Malwarebytes and Spybot S&D multiple times. On multiple occasions I have gotten coolwwwsearch.ole help and win32.autorun.tmp. CWsearch has subsided, but I think the Win32 is still around. I recently have run Malwarebytes and Spybot S&D and both have come up empty, as well as SUPERAntiSpyware and things like aeeater and rootalyzer. They all show up empty, but it is clear I still have a problem. I have been fighting this virus for roughly a week now. Occasionally the computer will work, but after a reboot or letting the computer run for like 5 hours, the problem resurfaces. Below are my MBAM logs, GMER logs, and OTL logs. Please help. If you need any other information please do not hesitate to ask. Thank you.

MBAM logs, and OTL extras are attached

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-10-28 267760]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2008-8-10 103744]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2008-10-6 154432]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-10-6 54608]
R3 AVerFx2hbtv64;AVerMedia A321 MiniCard Hybrid Tuner;C:\Windows\System32\drivers\AVerFx2hbtv64.sys [2008-8-3 279552]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2008-8-3 53248]
R3 JmtFltr;n52te;C:\Windows\System32\drivers\JmtFltr.sys [2009-12-25 46464]
R3 mfeavfk;McAfee Inc.;C:\Windows\System32\drivers\mfeavfk.sys [2008-8-10 93256]
R3 mfehidk;McAfee Inc.;C:\Windows\System32\drivers\mfehidk.sys [2008-8-10 259528]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-8-3 3148288]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2007-3-13 326656]
S1 mferkdk;VSCore mferkdk;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys [2008-10-6 38344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-10-28 218608]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-7 93184]

=============== Created Last 30 ================

2010-12-07 05:55:13 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-07 03:41:32 -------- d-----w- C:\PROGRA~3\Autorun Eater
2010-12-07 03:41:27 -------- d-----w- C:\Program Files (x86)\Autorun Eater
2010-12-07 01:29:00 -------- d-----w- C:\SDFix
2010-12-06 21:32:19 -------- d-----w- C:\Users\Steve-O\DoctorWeb
2010-12-06 19:51:14 -------- d-----w- C:\Users\Steve-O\AppData\Roaming\SUPERAntiSpyware.com
2010-12-06 19:51:14 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-12-06 19:50:56 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-12-06 19:50:51 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-12-06 18:07:59 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{46CDF02F-846F-4508-BFED-778E2E487EF2}\mpengine.dll
2010-12-05 20:48:31 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-12-05 07:00:46 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-04 20:40:15 49265 ----a-w- C:\Windows\SysWow64\jpicpl32.cpl
2010-12-04 19:38:53 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-12-04 19:38:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-04 19:20:44 -------- d-----w- C:\Program Files\CCleaner
2010-12-04 19:18:42 -------- d-----w- C:\Users\Steve-O\AppData\Roaming\GlarySoft
2010-12-04 19:18:41 -------- d-----w- C:\Program Files (x86)\Glary Registry Repair
2010-12-04 01:58:39 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-04 01:58:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-04 00:58:29 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-12-04 00:58:14 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-11-11 18:30:24 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2010-11-11 16:11:46 -------- d-----w- C:\Users\Steve-O\AppData\Local\PMB Files
2010-11-11 16:11:45 -------- d-----w- C:\PROGRA~3\PMB Files
2010-11-10 00:04:29 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 00:04:29 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

==================== Find3M ====================

2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-09-20 12:14:32 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-09-20 09:25:01 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-09-10 16:37:06 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-10 15:52:05 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-08 17:26:59 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 16:46:38 1032704 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 15:53:07 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 15:28:29 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-08 15:26:20 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 15:00:33 1383424 ----a-w- C:\Windows\System32\mshtml.tlb

============= FINISH: 1:19:05.21 ===============



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 23:20:14
Windows 6.0.6001 Service Pack 1
Running: 5qmu6pt6.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e377512d8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002186670570 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002186670570@00249f3c4afe 0xE2 0x1E 0xE7 0xA7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xB9 0xCA 0x03 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x8B 0xDC 0xC7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0xB7 0x9B 0x40 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD4 0x7A 0x55 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e377512d8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186670570 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186670570@00249f3c4afe 0xE2 0x1E 0xE7 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xB9 0xCA 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x8B 0xDC 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0xB7 0x9B 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD4 0x7A 0x55 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e377512d8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186670570
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186670570@00249f3c4afe 0xE2 0x1E 0xE7 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xB9 0xCA 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0x8B 0xDC 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0xB7 0x9B 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD4 0x7A 0x55 0x03 ...

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 12/6/2010 10:52:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Steve-O\Desktop\Security
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 41.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.42 Gb Total Space | 14.57 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 39.45 Gb Free Space | 35.29% Space Free | Partition Type: NTFS
Drive E: | 13.37 Gb Total Space | 2.34 Gb Free Space | 17.50% Space Free | Partition Type: NTFS

Computer Name: STEVE-O-PC | User Name: Steve-O | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve-O\Desktop\Security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\n52te\n52teTra.exe ()
PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)


========== Modules (SafeList) ==========

MOD - C:\Users\Steve-O\Desktop\Security\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (libusbd) -- C:\Windows\SysNative\libusbd-nt.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\STacSV64.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveTurbineMessageService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
SRV - (LiveTurbineNetworkService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
SRV - (McShield) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys ()
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys ()
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys ()
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys ()
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS ()
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (AVerFx2hbtv64) -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\DRIVERS\vhidmini.sys ()
DRV:64bit: - (JmtFltr) -- C:\Windows\SysNative\drivers\JmtFltr.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys ()
DRV:64bit: - (NETw4v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys ()
DRV:64bit: - (Si3531) -- C:\Windows\SysNative\DRIVERS\Si3531.sys ()
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys ()
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (eabfiltr) -- C:\Windows\SysNative\DRIVERS\eabfiltr64.sys ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys ()
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys ()
DRV:64bit: - (uisp) -- C:\Windows\SysNative\Drivers\usbicp.sys ()
DRV - (mferkdk) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys (McAfee, Inc.)
DRV - (uisp) -- C:\Windows\SysWOW64\drivers\USBICP.sys (Motorola)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.gamesradar.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49859

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gamesradar.com/"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {342366CA-5842-4D7B-8C54-3F3124ECABAE}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49859

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/31 20:46:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/30 18:02:33 | 000,000,000 | ---D | M]

[2008/08/05 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Extensions
[2010/12/06 16:14:32 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions
[2009/08/09 16:44:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/08 16:33:56 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/12/03 00:46:26 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\illimitux@illimitux.net
[2008/10/23 20:11:29 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\moveplayer@movenetworks.com
[2008/08/05 21:31:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/04 16:10:09 | 000,426,617 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 14694 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_01\bin\NPJPI150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{3201205a-0917-11df-971c-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{3201205a-0917-11df-971c-002186670570}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{d73cc56f-09af-11de-a955-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{d73cc56f-09af-11de-a955-002186670570}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e0eef4cd-2655-11df-bac3-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eef4cd-2655-11df-bac3-002186670570}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fee57693-7b9c-11dd-a3b5-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{fee57693-7b9c-11dd-a3b5-002186670570}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 22:45:43 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Roaming\Avira
[2010/12/06 22:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/12/06 22:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/12/06 22:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2010/12/06 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2010/12/06 20:29:00 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/12/06 20:25:43 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\Desktop\Security
[2010/12/06 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\DoctorWeb
[2010/12/06 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/06 14:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/06 14:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/06 14:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/05 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/12/05 16:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/12/05 16:08:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/05 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/12/05 15:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/05 15:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/04 15:40:15 | 000,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jpicpl32.cpl
[2010/12/04 14:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/04 14:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/04 14:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/04 14:18:42 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Roaming\GlarySoft
[2010/12/04 14:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Registry Repair
[2010/12/03 20:58:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/03 20:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/03 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/12/03 19:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/11 16:26:23 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\Documents\Vindictus
[2010/11/11 13:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2010/11/11 11:11:46 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Local\PMB Files
[2010/11/11 11:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[1996/11/18 00:00:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[6 C:\Users\Steve-O\Documents\*.tmp files -> C:\Users\Steve-O\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/06 22:43:33 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/06 22:41:29 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2010/12/06 22:18:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-261287017-3795730463-87405456-1000UA.job
[2010/12/06 22:05:45 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 22:05:45 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 20:33:53 | 000,005,742 | ---- | M] () -- C:\Users\Steve-O\Documents\cc_20101206_203331.reg
[2010/12/06 20:12:47 | 000,716,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/06 20:12:47 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/06 20:12:47 | 000,108,196 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/06 20:09:26 | 000,427,266 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/06 20:09:05 | 000,000,254 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/12/06 20:08:57 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/12/06 20:06:34 | 000,427,266 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/06 20:05:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/06 20:03:35 | 000,001,908 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/06 14:50:56 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/06 11:47:30 | 000,027,935 | ---- | M] () -- C:\Users\Steve-O\AppData\Roaming\8B05.A05
[2010/12/06 03:18:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-261287017-3795730463-87405456-1000Core.job
[2010/12/05 17:57:50 | 000,011,155 | ---- | M] () -- C:\Users\Steve-O\Documents\XmAS 2011.docx
[2010/12/05 16:30:05 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/12/05 16:14:10 | 000,002,711 | ---- | M] () -- C:\Users\Steve-O\Desktop\Attach.rar
[2010/12/05 16:08:09 | 000,000,905 | ---- | M] () -- C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/05 16:07:43 | 000,000,725 | ---- | M] () -- C:\Users\Steve-O\Desktop\NTREGOPT.lnk
[2010/12/05 16:07:43 | 000,000,706 | ---- | M] () -- C:\Users\Steve-O\Desktop\ERUNT.lnk
[2010/12/05 15:49:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/12/05 15:31:12 | 000,000,000 | ---- | M] () -- C:\Users\Steve-O\AppData\Local\prvlcl.dat
[2010/12/04 16:14:15 | 000,086,412 | ---- | M] () -- C:\Users\Steve-O\Documents\cc_20101204_161410.reg
[2010/12/04 16:10:09 | 000,426,617 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/12/04 15:18:19 | 000,059,904 | ---- | M] () -- C:\Users\Steve-O\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 14:38:56 | 000,001,083 | ---- | M] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/04 14:38:56 | 000,001,059 | ---- | M] () -- C:\Users\Steve-O\Desktop\Spybot - Search & Destroy.lnk
[2010/12/04 14:29:43 | 000,397,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/04 14:23:39 | 000,415,696 | ---- | M] () -- C:\Users\Steve-O\Documents\cc_20101204_142248.reg
[2010/12/04 14:20:52 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/04 14:18:46 | 000,000,838 | ---- | M] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Registry Repair.lnk
[2010/12/04 14:18:46 | 000,000,814 | ---- | M] () -- C:\Users\Steve-O\Desktop\Glary Registry Repair.lnk
[2010/12/03 20:58:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/03 20:47:59 | 000,000,036 | ---- | M] () -- C:\Users\Steve-O\AppData\Local\housecall.guid.cache
[2010/12/03 19:58:17 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/02 17:50:02 | 000,173,748 | ---- | M] () -- C:\Users\Steve-O\Documents\JIBL Fall 2010 Note 2 edits.docx
[2010/12/01 16:52:53 | 000,179,357 | ---- | M] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.pdf
[2010/12/01 16:52:44 | 000,032,079 | ---- | M] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.docx
[2010/12/01 12:00:21 | 000,020,826 | ---- | M] () -- C:\Users\Steve-O\Documents\Steve TL final.docx
[2010/11/30 21:13:53 | 000,017,191 | ---- | M] () -- C:\Users\Steve-O\Documents\Oral Arg.docx
[2010/11/30 17:26:26 | 000,024,044 | ---- | M] () -- C:\Users\Steve-O\Documents\FRANK FISINO AFFI.docx
[2010/11/30 00:12:59 | 000,028,398 | ---- | M] () -- C:\Users\Steve-O\Documents\PT Skills memo final.docx
[2010/11/29 20:38:45 | 000,164,304 | ---- | M] () -- C:\Users\Steve-O\Documents\6 Hickey.docx
[2010/11/29 20:38:45 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$Hickey.docx
[2010/11/29 20:38:15 | 000,268,288 | ---- | M] () -- C:\Users\Steve-O\Desktop\6 Hickey.doc
[2010/11/29 18:28:53 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$3213.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 17:01:11 | 000,015,042 | ---- | M] () -- C:\Users\Steve-O\Documents\STIPS.docx
[2010/11/29 15:11:31 | 000,145,344 | ---- | M] () -- C:\Users\Steve-O\Documents\5 Hickey.docx
[2010/11/29 13:59:49 | 000,054,426 | ---- | M] () -- C:\Users\Steve-O\Documents\Stipulations of Settlement.pdf
[2010/11/28 23:51:53 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$ Skills memo final.docx
[2010/11/28 18:23:00 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$ANK FISINO AFFI.docx
[2010/11/28 15:54:18 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$.assignment.fall.2010.docx
[2010/11/28 15:33:35 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$eve TL final.docx
[2010/11/26 16:47:50 | 000,000,312 | ---- | M] () -- C:\Users\Steve-O\Desktop\Curse Client.appref-ms
[2010/11/22 23:24:37 | 000,010,257 | ---- | M] () -- C:\Users\Steve-O\Documents\GTX460.docx
[2010/11/22 23:24:12 | 000,031,803 | ---- | M] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.docx
[2010/11/21 16:44:13 | 000,048,640 | ---- | M] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.doc
[2010/11/15 19:05:16 | 000,038,428 | ---- | M] () -- C:\Users\Steve-O\Documents\Letter and Resume.docx
[2010/11/15 18:55:49 | 000,012,996 | ---- | M] () -- C:\Users\Steve-O\Documents\LG cover letter.docx
[2010/11/14 23:00:48 | 000,012,927 | ---- | M] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.docx
[2010/11/14 22:39:47 | 000,059,411 | ---- | M] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.pdf
[2010/11/10 14:27:04 | 000,014,784 | ---- | M] () -- C:\Users\Steve-O\Documents\Settlement on Judgment with notice.docx
[2010/11/10 12:14:19 | 000,052,950 | ---- | M] () -- C:\Users\Steve-O\Documents\Lit Drafting OTSC-FINAL.docx
[2010/11/10 12:02:19 | 000,031,958 | ---- | M] () -- C:\Users\Steve-O\Documents\LBA OTSC FINAL UPDATED.docx
[2010/11/10 10:40:48 | 000,038,317 | ---- | M] () -- C:\Users\Steve-O\Documents\lba final memo updated(1).docx
[2010/11/10 02:37:30 | 000,037,100 | ---- | M] () -- C:\Users\Steve-O\Documents\lba final memo updated.docx
[2010/11/09 21:04:56 | 000,022,942 | ---- | M] () -- C:\Users\Steve-O\Documents\LBA OTSC Final.docx
[2010/11/09 21:01:14 | 000,021,815 | ---- | M] () -- C:\Users\Steve-O\Documents\lba final memo.docx
[2010/11/07 20:31:02 | 000,017,612 | ---- | M] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.docx
[2010/11/07 20:15:36 | 000,071,167 | ---- | M] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.pdf
[2010/11/07 20:08:48 | 000,072,792 | ---- | M] () -- C:\Users\Steve-O\Documents\JIBL Vol X No 1 Defeis-edits-1.docx
[6 C:\Users\Steve-O\Documents\*.tmp files -> C:\Users\Steve-O\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/06 22:43:33 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/06 22:43:14 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/12/06 22:43:14 | 000,081,584 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/12/06 22:41:29 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2010/12/06 20:33:44 | 000,005,742 | ---- | C] () -- C:\Users\Steve-O\Documents\cc_20101206_203331.reg
[2010/12/06 14:50:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/05 16:30:05 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/12/05 16:14:10 | 000,002,711 | ---- | C] () -- C:\Users\Steve-O\Desktop\Attach.rar
[2010/12/05 16:08:09 | 000,000,905 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/05 16:07:43 | 000,000,725 | ---- | C] () -- C:\Users\Steve-O\Desktop\NTREGOPT.lnk
[2010/12/05 16:07:43 | 000,000,706 | ---- | C] () -- C:\Users\Steve-O\Desktop\ERUNT.lnk
[2010/12/05 15:49:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/12/05 15:48:47 | 000,415,312 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\dd_vcredistMSI77D6.txt
[2010/12/05 15:48:47 | 000,013,630 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\dd_vcredistUI77D6.txt
[2010/12/04 16:14:12 | 000,086,412 | ---- | C] () -- C:\Users\Steve-O\Documents\cc_20101204_161410.reg
[2010/12/04 14:38:56 | 000,001,083 | ---- | C] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/04 14:38:56 | 000,001,059 | ---- | C] () -- C:\Users\Steve-O\Desktop\Spybot - Search & Destroy.lnk
[2010/12/04 14:22:54 | 000,415,696 | ---- | C] () -- C:\Users\Steve-O\Documents\cc_20101204_142248.reg
[2010/12/04 14:20:52 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/04 14:18:46 | 000,000,838 | ---- | C] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Registry Repair.lnk
[2010/12/04 14:18:46 | 000,000,814 | ---- | C] () -- C:\Users\Steve-O\Desktop\Glary Registry Repair.lnk
[2010/12/03 20:58:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/03 20:47:59 | 000,000,036 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\housecall.guid.cache
[2010/12/03 20:27:21 | 000,011,155 | ---- | C] () -- C:\Users\Steve-O\Documents\XmAS 2011.docx
[2010/12/03 19:58:17 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/03 16:43:02 | 000,027,935 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\8B05.A05
[2010/12/01 16:48:46 | 000,179,357 | ---- | C] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.pdf
[2010/12/01 12:35:13 | 000,032,079 | ---- | C] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.docx
[2010/11/30 20:36:34 | 000,017,191 | ---- | C] () -- C:\Users\Steve-O\Documents\Oral Arg.docx
[2010/11/29 20:38:45 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$Hickey.docx
[2010/11/29 20:38:43 | 000,164,304 | ---- | C] () -- C:\Users\Steve-O\Documents\6 Hickey.docx
[2010/11/29 20:38:13 | 000,268,288 | ---- | C] () -- C:\Users\Steve-O\Desktop\6 Hickey.doc
[2010/11/29 18:28:53 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$3213.docx
[2010/11/29 15:11:28 | 000,145,344 | ---- | C] () -- C:\Users\Steve-O\Documents\5 Hickey.docx
[2010/11/29 13:59:48 | 000,054,426 | ---- | C] () -- C:\Users\Steve-O\Documents\Stipulations of Settlement.pdf
[2010/11/28 23:51:53 | 000,028,398 | ---- | C] () -- C:\Users\Steve-O\Documents\PT Skills memo final.docx
[2010/11/28 23:51:53 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$ Skills memo final.docx
[2010/11/28 18:23:00 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$ANK FISINO AFFI.docx
[2010/11/28 18:22:59 | 000,024,044 | ---- | C] () -- C:\Users\Steve-O\Documents\FRANK FISINO AFFI.docx
[2010/11/28 18:17:51 | 000,015,042 | ---- | C] () -- C:\Users\Steve-O\Documents\STIPS.docx
[2010/11/28 15:54:18 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$.assignment.fall.2010.docx
[2010/11/28 15:33:35 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$eve TL final.docx
[2010/11/28 15:33:34 | 000,020,826 | ---- | C] () -- C:\Users\Steve-O\Documents\Steve TL final.docx
[2010/11/22 23:24:36 | 000,010,257 | ---- | C] () -- C:\Users\Steve-O\Documents\GTX460.docx
[2010/11/22 23:24:09 | 000,031,803 | ---- | C] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.docx
[2010/11/21 16:44:12 | 000,048,640 | ---- | C] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.doc
[2010/11/18 21:31:47 | 000,173,748 | ---- | C] () -- C:\Users\Steve-O\Documents\JIBL Fall 2010 Note 2 edits.docx
[2010/11/15 19:05:15 | 000,038,428 | ---- | C] () -- C:\Users\Steve-O\Documents\Letter and Resume.docx
[2010/11/15 18:55:48 | 000,012,996 | ---- | C] () -- C:\Users\Steve-O\Documents\LG cover letter.docx
[2010/11/14 22:39:45 | 000,059,411 | ---- | C] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.pdf
[2010/11/13 18:04:56 | 000,012,927 | ---- | C] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.docx
[2010/11/10 14:27:03 | 000,014,784 | ---- | C] () -- C:\Users\Steve-O\Documents\Settlement on Judgment with notice.docx
[2010/11/10 12:07:44 | 000,052,950 | ---- | C] () -- C:\Users\Steve-O\Documents\Lit Drafting OTSC-FINAL.docx
[2010/11/10 10:40:47 | 000,038,317 | ---- | C] () -- C:\Users\Steve-O\Documents\lba final memo updated(1).docx
[2010/11/10 02:37:29 | 000,037,100 | ---- | C] () -- C:\Users\Steve-O\Documents\lba final memo updated.docx
[2010/11/09 21:03:53 | 000,031,958 | ---- | C] () -- C:\Users\Steve-O\Documents\LBA OTSC FINAL UPDATED.docx
[2010/11/08 17:04:21 | 000,021,815 | ---- | C] () -- C:\Users\Steve-O\Documents\lba final memo.docx
[2010/11/07 20:05:19 | 000,071,167 | ---- | C] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.pdf
[2010/11/07 19:43:51 | 000,022,942 | ---- | C] () -- C:\Users\Steve-O\Documents\LBA OTSC Final.docx
[2010/11/07 18:09:11 | 000,017,612 | ---- | C] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.docx
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/13 19:27:43 | 000,000,077 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/13 19:25:35 | 000,001,669 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/28 14:30:25 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\prvlcl.dat
[2010/06/11 18:50:32 | 000,000,120 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\Izofi.dat
[2010/06/11 18:50:32 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\Bmepitaduxotoye.bin
[2010/06/11 18:49:08 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\chrtmp
[2010/05/10 18:35:15 | 000,000,016 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\msesbucf.txt
[2010/04/13 13:54:20 | 000,000,095 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\fusioncache.dat
[2010/04/06 15:06:00 | 000,007,808 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\d3d9caps.dat
[2010/03/12 22:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\QSwitch.txt
[2010/03/12 22:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\DSwitch.txt
[2010/03/12 22:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\AtStart.txt
[2010/03/12 22:22:49 | 000,059,904 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 21:21:59 | 000,009,780 | -HS- | C] () -- C:\Users\Steve-O\AppData\Local\D0vGv42335R44
[2010/01/29 17:18:33 | 000,002,994 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\com.koingosw.LibrarianPro.xml
[2009/10/28 15:26:47 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/26 19:22:01 | 000,427,266 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/26 19:22:01 | 000,427,266 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/19 16:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/09/01 23:49:08 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2008/08/10 21:33:43 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
[2008/08/05 15:35:57 | 000,078,717 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\nvModes.001
[2008/08/05 15:35:54 | 000,078,717 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\nvModes.dat
[2008/02/25 06:38:23 | 000,002,298 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/08/10 10:56:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\ESxUtil.dll
[1996/11/18 00:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll
[1996/11/18 00:00:00 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\P2sodbc.dll
[1996/11/18 00:00:00 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\P2irdao.dll
[1996/11/18 00:00:00 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\P2ctdao.dll
[1996/11/18 00:00:00 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\P2bbnd.dll
[1996/05/25 16:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\fxtls432.dll

========== LOP Check ==========

[2010/02/10 20:02:43 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Bioshock2
[2010/05/12 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2008/09/05 17:47:38 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\DAEMON Tools
[2010/12/06 15:50:02 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Defense Center
[2008/08/05 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\DigitalPersona
[2008/09/01 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\DNA
[2010/12/04 14:18:42 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\GlarySoft
[2010/01/29 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Librarian Pro
[2009/10/22 10:57:09 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LimeWire
[2010/07/23 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LolClient
[2009/09/27 11:22:02 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/06/16 15:35:43 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LPECommon
[2010/01/29 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\MediaMan
[2009/12/28 22:17:38 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\n52te
[2009/09/29 11:23:45 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\NeopleLauncherDFO
[2010/01/29 17:08:13 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Obsidium
[2010/10/12 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\runic games
[2009/11/02 21:14:34 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\SystemRequirementsLab
[2010/04/13 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Turbine
[2010/04/06 16:32:07 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Unity
[2010/12/06 20:03:35 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/30 07:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/09/30 07:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SwSetup\Drivers\MISC4\Winall\Driver64\IaStor.sys
[2007/09/30 07:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007/09/30 07:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SwSetup\Drivers\MISC4\Winall\Driver\IaStor.sys

< MD5 for: IASTORV.SYS >

#2 m0le

  • Malware Response Team

Posted 14 December 2010 - 09:23 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 19 December 2010 - 07:27 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



