
Vista Recovery Virus, TDSS, Google Redirecting



#1 Franchise


Posted 04 June 2011 - 09:55 PM

A few hours ago my computer got hit with the dreaded Vista Recovery Virus. It ran for several minutes before I shut down my computer. When I started my computer again, I ran MBAM and it found several infections which it then quarantined. I thought the problem had been solved. Upon restarting my computer several desktop icons were missing. I logged onto the internet and my Google results were redirecting. Also iexplorer.exe starts running every time my computer starts now. And on top of this I have had the audio ads playing on my speakers. I ran SuperAntiSpyware but that didn't find anything. MBAM isn't finding anything on new scans. I also tried downloading and running TDSSKiller but the .exe file would not open. This is where things currently stand. I am in desperate need of professional help.

NOTE: I tried running GMER scan twice and my computer shut down both times shortly after scan began, therefore I have no GMER log. Sorry.



Here's the DDS Log -



.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.6000.16609 BrowserJavaVersion: 1.6.0_24
Run by Nick at 19:37:08 on 2011-06-04
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.214 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tmq.bingstart.com/?cfg=2-168-0-1j0Qn
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [149760] c:\users\nick\appdata\local\temp\149760.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0F28615-55E1-42CC-8D17-3E3510908B39} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EBC84A27-4C6A-4E47-AC55-C2A2EF908B60} : DhcpNameServer = 192.168.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nick\appdata\roaming\mozilla\firefox\profiles\tpph4uqr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - 134.102.68.201
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 134.102.68.201
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56808
FF - prefs.js: network.proxy.socks - 134.102.68.201
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 134.102.68.201
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\nick\appdata\roaming\move networks\plugins\npqmp071503000010.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 366640]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-10-5 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-10-5 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-10-5 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-10-5 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-10-5 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-10-5 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-10-5 109864]
.
=============== Created Last 30 ================
.
2011-06-05 00:58:33 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-05 00:31:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 00:30:09 -------- d-----w- c:\users\nick\appdata\roaming\SUPERAntiSpyware.com
2011-06-05 00:29:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-05 00:19:31 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-05 00:19:09 -------- d-----w- c:\programdata\Hitman Pro
2011-06-04 05:51:40 -------- d-----w- c:\users\nick\appdata\roaming\Boilsoft
2011-06-04 05:51:36 -------- d-----w- c:\program files\Boilsoft Video Joiner
2011-06-03 08:32:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a3bfe4fa-62e0-414f-a662-9e843a63a868}\mpengine.dll
2011-05-28 23:08:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 20:05:47 -------- d-----w- c:\users\nick\appdata\roaming\KYL
2011-05-11 16:59:36 49152 ----a-w- c:\program files\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2011-05-11 16:59:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 16:59:30 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 16:59:30 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 16:59:29 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 16:59:29 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 16:59:29 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-11 16:59:28 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-11 16:59:28 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
.
==================== Find3M ====================
.
2011-04-27 17:33:07 3263 ----a-w- C:\defenderfix.reg
2011-04-19 22:39:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 19:38:03.25 ===============

Okay, I've been working vigorously over the past 24 hours to eliminate this thing. I did some searching and found a program called FixTDSS. I ran that as I had been unable to run TDSSKiller and it said it repaired an infected file. I rebooted my computer and everything seemed fine. Then after a minute or two on Firefox the Vista Recovery Virus popped up again. My computer screen went black and I held the power button to shut it off.

Today I turned on the computer again and went into safe mode with networking. I browsed the internet and came across this site - http://www.hackinghome.com/vista-recovery-virus-remove

I followed the steps listed there. I didn't use Rkill.exe; however, I did use both eXplorer.exe and iexplore.exe. I then ran MBAM which found 6 infected objects that I then quarantined. I rebooted the computer and ran both eXplorer.exe and iexplore.exe once again. I then tried TDSSKiller and it successfully worked this time. It discovered an infected file - volsnap.sys which it repaired after rebooting the computer. I then ran unhide.exe to get my desktop icons and start menu folders back.

This is where things stand currently. Everything seems to be fine, but I still would like someone to verify whether my system is clean or not. So I am posting new DDS and Attach logs below. Note: I am also posting the log for MBAM which found 6 infected objects. I wasn't sure if I should copy & paste it so I have also attached that.



--------------------
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.6000.16609 BrowserJavaVersion: 1.6.0_24
Run by Nick at 14:16:44 on 2011-06-05
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.125 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tmq.bingstart.com/?cfg=2-168-0-1j0Qn
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0F28615-55E1-42CC-8D17-3E3510908B39} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EBC84A27-4C6A-4E47-AC55-C2A2EF908B60} : DhcpNameServer = 192.168.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nick\appdata\roaming\mozilla\firefox\profiles\tpph4uqr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - 134.102.68.201
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 134.102.68.201
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56808
FF - prefs.js: network.proxy.socks - 134.102.68.201
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 134.102.68.201
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\nick\appdata\roaming\move networks\plugins\npqmp071503000010.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-10-5 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-10-5 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-10-5 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-10-5 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-10-5 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-10-5 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-10-5 109864]
.
=============== Created Last 30 ================
.
2011-06-05 17:54:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 17:54:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 17:54:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 00:58:33 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-05 00:30:09 -------- d-----w- c:\users\nick\appdata\roaming\SUPERAntiSpyware.com
2011-06-05 00:29:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-05 00:19:31 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-05 00:19:09 -------- d-----w- c:\programdata\Hitman Pro
2011-06-04 05:51:40 -------- d-----w- c:\users\nick\appdata\roaming\Boilsoft
2011-06-04 05:51:36 -------- d-----w- c:\program files\Boilsoft Video Joiner
2011-06-03 08:32:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a3bfe4fa-62e0-414f-a662-9e843a63a868}\mpengine.dll
2011-05-17 20:05:47 -------- d-----w- c:\users\nick\appdata\roaming\KYL
2011-05-11 16:59:36 49152 ----a-w- c:\program files\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2011-05-11 16:59:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 16:59:30 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 16:59:30 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 16:59:29 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 16:59:29 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 16:59:29 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-11 16:59:28 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-11 16:59:28 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
.
==================== Find3M ====================
.
2011-06-05 19:44:48 208488 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-04-27 17:33:07 3263 ----a-w- C:\defenderfix.reg
2011-04-19 22:39:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 14:17:54.82 ===============

EDIT: Posts merged ~Budapest



Edited by Budapest, 05 June 2011 - 05:58 PM.



 


#2 SweetTech


Posted 11 June 2011 - 10:59 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Franchise


Posted 11 June 2011 - 11:37 AM

Thanks for the reply. My system has been running fine ever since I went through the procedures I described in my last post. However, I had to reinstall Microsoft Office and copy Administrative Tools over from another computer as those were still missing. Also still missing are many files from the Accessories and Maintenance folders in the start menu. I have yet to copy those from another system. Aside from that everything seems to be great.

--------------------
OTL Extras logfile created on: 6/11/2011 9:26:27 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Nick\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.31 Mb Total Physical Memory | 398.52 Mb Available Physical Memory | 41.59% Memory free
2.12 Gb Paging File | 1.37 Gb Available in Paging File | 64.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 2.65 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 1.84 Gb Free Space | 15.54% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1575482397-4069540635-46351700-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1575482397-4069540635-46351700-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2103:TCP" = 2103:TCP:*:Enabled:@xpsp2res.dll,-22003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2011/05/04 17:41:01 | 000,000,000 | ---D | M]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"%systemroot%\system32\winnt\cssrs.exe" = %systemroot%\system32\winnt\cssrs.exe:*:Enabled:@xpsp2res.dll,-22019
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC93CC-101C-4E89-82DE-B3D44EEFDC60}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{37B23E13-7DAD-43DD-A524-8EF375C14F0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3DABC49B-C92A-4003-BF0C-0E675058D4F2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6B4737EA-1119-441D-B573-2F58ECE8B899}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7F810CC9-AF16-4324-9579-563B6180ACD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADBAD719-CC8A-4B5F-8A01-54B70349151F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D1CBCEDE-B525-4E9B-B1BA-6D43289E0D59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8EC07E8-3E20-4F86-AB7A-791AB1F1ED39}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05025778-EE75-4535-9262-0FC62329B1D9}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{111AB774-4123-476F-BAB3-B39287DEC087}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{13F57FA0-60CC-4B9C-AF8D-50EF102ABF48}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F9A471-8027-46D7-B87D-3B00E00613F1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{17A663FD-CB15-4D33-8A21-104864E284B7}" = protocol=6 | dir=in | app=c:\program files\proxy switcher standard\proxyswitcher.exe |
"{1DFC843A-0F50-4D32-8109-398CE4CAA97A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1F7F852B-30EC-4F03-A20F-988C28581E87}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6C38893E-240C-474D-8B1E-3088CB700623}" = protocol=17 | dir=in | app=c:\users\nick\appdata\local\temp\7zsb02e.tmp\symnrt.exe |
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7363C71B-4DEF-46F7-A0EB-FF71F4268A36}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{751EC4FE-5F28-4A6B-9185-FE56225470B4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{75433EF6-AC77-4CF7-BEB8-8965990CE3E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96FC36F6-4A9C-4F62-8E4B-0DB0D3C31D1F}" = protocol=6 | dir=in | app=c:\users\nick\appdata\local\temp\7zsb02e.tmp\symnrt.exe |
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A0A63DC4-E1E7-45F5-889D-E285FA86FD1F}" = protocol=17 | dir=in | app=c:\program files\proxy switcher standard\proxyswitcher.exe |
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B53655B4-6403-4A16-BB77-041FD462C49C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C37260FB-131B-4500-A57D-8BFBFF249E97}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CF2DCC03-C2FC-4165-98B3-BBE86D88B4F8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DCDF923A-8903-4A33-99C5-A1A4E648EE90}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{060DB690-BAA7-4E31-8F36-03A069682411}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{260A96E5-37FD-45BE-81A4-84A43B188B9E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{2A03C20F-4DE7-4212-BEFD-66DC4C8E2514}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{3BBB38E9-21C4-43FF-ACCF-EC3C7E9EF066}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{3EA48A3E-747E-49B0-A30B-C53BC11FC397}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{41843896-D815-441F-B990-00DBFC9C5A6D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4186703A-0F02-4F45-91ED-9FA23FDD47B9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{45C38736-C160-4F92-BB10-05107DFEA45B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{4ADEFC0A-28D3-46BC-A4FA-99A4B2B6A791}C:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp" = protocol=6 | dir=in | app=c:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp |
"TCP Query User{4F16F2D5-7B8A-40C1-A932-1C8BA9A9BBAC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{53E0F3ED-6995-492D-A8EF-A930C28F870E}C:\program files\kazaa lite tools\kazaalite.kpp" = protocol=6 | dir=in | app=c:\program files\kazaa lite tools\kazaalite.kpp |
"TCP Query User{57C9A586-5E11-450C-AC3E-3619DE7DCA53}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"TCP Query User{5AB9F6D7-08AD-404D-9963-5259A6A06079}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5F57D4C2-4DDE-444C-ABCA-D366D977283A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5FAB2AC0-A592-4F66-8261-FFD56B189B96}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{7080C269-7029-4787-97EC-DA7D36722D55}C:\users\nick\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nick\program files\dna\btdna.exe |
"TCP Query User{7C52C5E4-69FF-405D-ACB0-B6774B6A14B6}C:\program files\kazaa lite tools k++\kazaalite.kpp" = protocol=6 | dir=in | app=c:\program files\kazaa lite tools k++\kazaalite.kpp |
"TCP Query User{7F4EE7B1-1DC5-4180-B532-88BC2737FE1E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8262A599-E578-458D-907A-E6D5E426F1F8}C:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp" = protocol=6 | dir=in | app=c:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp |
"TCP Query User{9372BAC8-EF5C-4882-8986-2EBFDF87DC36}C:\windows\system32\winnt\cssrs.exe" = protocol=6 | dir=in | app=c:\windows\system32\winnt\cssrs.exe |
"TCP Query User{BE7CEDE3-679B-4435-98AF-F7FDF2FCB159}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{D1F1DFAF-8E08-465B-99CC-8FDAB9342379}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{DD913796-C2B3-4648-86C8-F50F789237C5}C:\users\nick\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nick\program files\dna\btdna.exe |
"TCP Query User{DF713F02-70FC-4460-9DD8-CC4E6D9D76E2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{DF9B93A2-6F23-4321-B779-E3CF0CD1138D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{E5377DB2-4A7E-4B26-AEAE-00DBCE528165}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E5D51521-CCA3-4BD7-B62D-9630F3B1944C}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{EAC0DF6F-B239-4EC7-9FFA-0C65E9354506}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{FFE6F917-5BE7-4651-8927-65AAC7235469}C:\program files\kazaa lite tools\kazaalite.kpp" = protocol=6 | dir=in | app=c:\program files\kazaa lite tools\kazaalite.kpp |
"UDP Query User{0B72E683-3C94-4DB0-AA0F-9A5C61EF7BE4}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{124DCC25-E42C-4EB7-B8F5-3681F97FEBB4}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2751409C-AC51-4C07-ACD9-B7B4082A9AC3}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{29DCAFF7-4F48-4542-8AA0-257D72E28E9C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{4538E0D4-C87A-42A6-8585-F6DBFE35C629}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{4D55AF11-AD46-4B63-BCEE-E8C5449BF1A6}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{4F7C99B3-A0F6-4067-BE67-F83E64F02A5C}C:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp" = protocol=17 | dir=in | app=c:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp |
"UDP Query User{57BD1956-2B66-4A69-8735-6983D227CDA7}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{5B3E893A-7A41-4ACC-A084-4516DA3C31C1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{60B8014D-D6F2-43D7-8260-0862FDCB9B35}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{61E9AB64-FFAA-403B-8548-46B8B74CA68C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6A0553AB-CC58-4ED4-B458-4A8C8067B4E2}C:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp" = protocol=17 | dir=in | app=c:\program files\kazaa lite tools\kazaa lite tools\kazaalite.kpp |
"UDP Query User{8E48350F-4A43-43F3-A221-F98397F72F6A}C:\program files\kazaa lite tools k++\kazaalite.kpp" = protocol=17 | dir=in | app=c:\program files\kazaa lite tools k++\kazaalite.kpp |
"UDP Query User{8F5C8C0F-CA2A-4535-8A40-3E6C8A287BF6}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{96153D55-9052-436D-B6EA-7A242D47496F}C:\windows\system32\winnt\cssrs.exe" = protocol=17 | dir=in | app=c:\windows\system32\winnt\cssrs.exe |
"UDP Query User{990BD21C-BE08-4F48-8CF3-09928BA36B5D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9E167AD7-B22B-408E-94C7-208692A918A3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A50A3628-79DF-4CD6-96F7-91D86E188EF7}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{A69BA32F-6A85-4DF9-9355-FBE2B7C53E98}C:\users\nick\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nick\program files\dna\btdna.exe |
"UDP Query User{A6AA3755-86F0-491C-BE66-895C2F980CFF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{A7056C2A-B5E7-42C6-ACCC-C050A1981F4C}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{AFDFC40D-9A71-4892-A117-E3987EB0F972}C:\users\nick\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nick\program files\dna\btdna.exe |
"UDP Query User{B3A51911-65D1-4C28-9E3A-F721BD39CC6D}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{B61D5348-C8A7-4C17-ABDD-8FBBF5E43CE3}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{BF5B558D-1BB3-4603-8903-67553DF0695C}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{C2EFABF5-2BBA-48A5-872C-60566E968D2E}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{CA58A50F-7C47-4A0B-9FF4-790B292C34DE}C:\program files\kazaa lite tools\kazaalite.kpp" = protocol=17 | dir=in | app=c:\program files\kazaa lite tools\kazaalite.kpp |
"UDP Query User{D28C5E48-96AA-4A25-A3E8-32B301DC1563}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EEC97A34-4D2A-4BC9-BE91-EF14A732A44A}C:\program files\kazaa lite tools\kazaalite.kpp" = protocol=17 | dir=in | app=c:\program files\kazaa lite tools\kazaalite.kpp |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.06
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{471B83B9-29D8-41EC-9974-56BB8A457A8B}" = EPSON Stylus CX4400 Series Scanner Driver Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.55
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Kazaa Lite Tools K++" = Kazaa Lite Tools K++
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.89
"Silent Package Run-Time Sample" = EPSON CX4400 Series User's Guide
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0108
"Ultra Video Splitter_is1" = Ultra Video Splitter 5.4.0822
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1575482397-4069540635-46351700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2011 1:43:34 AM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 1:45:29 AM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 1:48:36 AM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 12:11:44 PM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 12:15:20 PM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 12:18:15 PM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 12:19:39 PM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 12:21:07 PM | Computer Name = Nick-PC | Source = WerSvc | ID = 5007
Description =

Error - 6/11/2011 12:25:02 PM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

Error - 6/11/2011 12:29:42 PM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3083
Description =

[ Media Center Events ]
Error - 3/2/2011 8:40:55 PM | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

Error - 3/2/2011 8:41:27 PM | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsTemplate.

[ System Events ]
Error - 6/10/2011 7:53:34 PM | Computer Name = Nick-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 6/10/2011 7:53:34 PM | Computer Name = Nick-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
13, function 0. Please contact your system vendor for technical assistance.

Error - 6/10/2011 7:53:45 PM | Computer Name = Nick-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description =

Error - 6/10/2011 7:54:17 PM | Computer Name = Nick-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.5,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 6/10/2011 7:54:19 PM | Computer Name = Nick-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/10/2011 8:06:27 PM | Computer Name = Nick-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/11/2011 1:56:10 AM | Computer Name = Nick-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/11/2011 12:09:54 PM | Computer Name = Nick-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 6/11/2011 12:09:54 PM | Computer Name = Nick-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
13, function 0. Please contact your system vendor for technical assistance.

Error - 6/11/2011 12:10:07 PM | Computer Name = Nick-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description =


< End of report >
------------------------------

OTL logfile created on: 6/11/2011 9:26:27 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Nick\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.31 Mb Total Physical Memory | 398.52 Mb Available Physical Memory | 41.59% Memory free
2.12 Gb Paging File | 1.37 Gb Available in Paging File | 64.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 2.65 Gb Free Space | 1.93% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 1.84 Gb Free Space | 15.54% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 09:20:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/06 16:03:23 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2007/12/05 20:31:26 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/15 01:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 09:20:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007/12/05 20:31:26 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007/09/19 13:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/09 15:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 16:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 19:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 14:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tmq.bingstart.com/?cfg=2-168-0-1j0Qn
IE - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.4
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..network.proxy.backup.ftp: "134.102.68.201"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "134.102.68.201"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "134.102.68.201"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "134.102.68.201"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "134.102.68.201"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "134.102.68.201"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56808
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "134.102.68.201"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "134.102.68.201"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 09:59:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/05 16:32:58 | 000,000,000 | ---D | M]

[2008/06/17 17:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2011/05/23 15:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\extensions
[2011/05/11 09:59:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/08 10:14:33 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/04/08 10:14:36 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\extensions\jyboy.yy@gmail.com
[2010/10/17 10:21:13 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\extensions\vshare@toolbar
[2008/06/20 14:43:43 | 000,000,908 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\searchplugins\imdb.xml
[2011/06/07 16:17:10 | 000,002,087 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\searchplugins\youtube.xml
[2011/05/11 09:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/23 19:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/11 09:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/05/11 09:59:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2009/07/24 16:19:38 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\NICK\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/19 15:39:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/08/07 19:03:00 | 000,000,732 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 [2011/05/04 17:41:01 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\..Trusted Ranges: Range1 ([http] in Computer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nick\Pictures\Ultiman.JPG
O24 - Desktop BackupWallPaper: C:\Users\Nick\Pictures\Ultiman.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/05 21:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/04/22 14:38:02 | 000,000,277 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{aa065f5b-85a3-11e0-a734-001b24fee676}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 09:20:07 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2011/06/08 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\TNA.Impact.06.02.11.Miss.Tessmacher.vs.Angelina.Love.720p.x264
[2011/06/08 16:37:14 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\TNA.Impact.05.05.11.Miss.Tessmacher.vs.Mickie.James.720p.x264
[2011/06/08 16:36:41 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\TNA.Impact.05.12.11.Mickie.James.Ms.Tessmacher.vs.Madison.Rayne.Tara.720p.x264
[2011/06/08 16:35:50 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\TNA.Impact.05.19.11.Knockout.Tag.Match.720p.x264
[2011/06/07 22:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boilsoft Video Splitter
[2011/06/07 22:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Boilsoft Video Splitter
[2011/06/06 10:19:03 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Shoots
[2011/06/05 22:48:31 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apps
[2011/06/05 16:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/06/05 16:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/06/05 16:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/06/05 16:19:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/06/05 16:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/06/05 16:12:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/05 10:54:39 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/05 10:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/05 10:54:35 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/05 10:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/05 01:18:02 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Fix
[2011/06/04 17:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/06/04 17:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/04 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011/06/03 22:51:40 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Boilsoft
[2011/06/03 22:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boilsoft
[2011/06/03 22:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Boilsoft Video Joiner
[2011/05/17 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\KYL
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 09:20:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
[2011/06/11 09:19:32 | 000,139,264 | ---- | M] () -- C:\Users\Nick\Desktop\RKUnhookerLE.EXE
[2011/06/11 09:10:54 | 000,119,016 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\nvModes.001
[2011/06/11 09:10:52 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/11 09:10:37 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/06/11 09:10:17 | 000,003,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 09:10:17 | 000,003,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 09:10:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/10 22:37:27 | 021,997,508 | ---- | M] () -- C:\Users\Nick\Desktop\020111daily.mp3
[2011/06/10 22:31:56 | 000,217,088 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 20:18:00 | 001,593,018 | ---- | M] () -- C:\Users\Nick\Desktop\DSC00004.JPG
[2011/06/10 20:17:42 | 001,599,085 | ---- | M] () -- C:\Users\Nick\Desktop\DSC00003.JPG
[2011/06/10 16:53:45 | 123,189,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/08 11:10:11 | 410,047,748 | ---- | M] () -- C:\Users\Nick\Desktop\Carson_-_Ass_Wreckage_03.avi
[2011/06/07 22:21:15 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Boilsoft Video Splitter.lnk
[2011/06/06 09:52:11 | 000,007,944 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
[2011/06/05 22:30:03 | 000,363,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/05 16:42:00 | 000,000,732 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/06/05 16:25:09 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/06/05 16:01:18 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 11:08:40 | 000,000,160 | ---- | M] () -- C:\ProgramData\~23584528r
[2011/06/05 11:08:40 | 000,000,136 | ---- | M] () -- C:\ProgramData\~23584528
[2011/06/05 10:41:41 | 000,000,336 | ---- | M] () -- C:\ProgramData\23584528
[2011/06/04 19:28:43 | 000,000,000 | ---- | M] () -- C:\Users\Nick\defogger_reenable
[2011/06/04 17:19:31 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/04 16:32:46 | 000,000,336 | ---- | M] () -- C:\ProgramData\23518992
[2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\42e61641
[2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\42aa8779
[2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4266f261
[2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\42288861
[2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4109cbb3
[2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\40cc1d81
[2011/06/03 22:52:29 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\57b80ed6
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\635c136c
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\62340c0b
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\60526628
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5f96c0b8
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5f52018b
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5daec8f4
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5c9da2f0
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5c657d18
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\551125e4
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\540de659
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5316e9d1
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\52de7ee1
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4b3ddcbd
[2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4afd83f7
[2011/06/03 22:51:40 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Boilsoft Video Joiner.lnk
[2011/06/03 11:25:16 | 000,136,299 | ---- | M] () -- C:\Users\Nick\Desktop\4.jpg
[2011/06/03 11:24:22 | 000,134,884 | ---- | M] () -- C:\Users\Nick\Desktop\3.jpg
[2011/06/03 11:23:39 | 000,123,277 | ---- | M] () -- C:\Users\Nick\Desktop\2.jpg
[2011/06/03 11:23:20 | 000,121,157 | ---- | M] () -- C:\Users\Nick\Desktop\1.jpg
[2011/05/30 20:52:52 | 000,119,016 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\nvModes.dat
[2011/05/29 18:23:26 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/29 18:23:26 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 15:33:43 | 000,002,346 | -HS- | M] () -- C:\Users\Nick\AppData\Local\s5oi77fu3i7a068ut8fxi01q805v2232pm0
[2011/05/28 15:33:43 | 000,002,346 | -HS- | M] () -- C:\ProgramData\s5oi77fu3i7a068ut8fxi01q805v2232pm0
[2011/05/23 17:09:02 | 000,007,182 | -HS- | M] () -- C:\ProgramData\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
[2011/05/23 17:09:01 | 000,007,182 | -HS- | M] () -- C:\Users\Nick\AppData\Local\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
[2011/05/13 11:04:49 | 000,004,096 | ---- | M] () -- C:\Users\Nick\AppData\Local\keyfile3.drm
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 09:19:37 | 000,139,264 | ---- | C] () -- C:\Users\Nick\Desktop\RKUnhookerLE.EXE
[2011/06/10 20:37:47 | 021,997,508 | ---- | C] () -- C:\Users\Nick\Desktop\020111daily.mp3
[2011/06/10 12:18:48 | 001,593,018 | ---- | C] () -- C:\Users\Nick\Desktop\DSC00004.JPG
[2011/06/10 12:18:47 | 001,599,085 | ---- | C] () -- C:\Users\Nick\Desktop\DSC00003.JPG
[2011/06/08 16:56:26 | 123,189,328 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/08 09:27:43 | 410,047,748 | ---- | C] () -- C:\Users\Nick\Desktop\Carson_-_Ass_Wreckage_03.avi
[2011/06/07 22:21:15 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Boilsoft Video Splitter.lnk
[2011/06/05 16:42:00 | 000,000,732 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/06/05 13:21:40 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\My HP Games.lnk
[2011/06/05 13:21:40 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2011/06/05 13:21:40 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2011/06/05 13:21:40 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk
[2011/06/05 13:21:40 | 000,000,943 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/05 13:21:40 | 000,000,938 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/05 13:21:40 | 000,000,830 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/05 13:21:40 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/05 13:21:40 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Boilsoft Video Joiner.lnk
[2011/06/05 13:21:40 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/06/05 13:21:40 | 000,000,258 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/05 13:21:40 | 000,000,240 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/05 11:08:40 | 000,000,160 | ---- | C] () -- C:\ProgramData\~23584528r
[2011/06/05 11:08:39 | 000,000,136 | ---- | C] () -- C:\ProgramData\~23584528
[2011/06/05 10:54:39 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 10:41:41 | 000,000,336 | ---- | C] () -- C:\ProgramData\23584528
[2011/06/04 19:28:43 | 000,000,000 | ---- | C] () -- C:\Users\Nick\defogger_reenable
[2011/06/04 17:19:31 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/04 16:32:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\23518992
[2011/06/04 14:51:13 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\37a07520
[2011/06/04 14:51:13 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\3766a217
[2011/06/04 14:51:10 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7180b865
[2011/06/04 14:51:10 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7144d3a2
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1b5773a7
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\198d87c7
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\18ffe28f
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\18bd6cc5
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\186ea2de
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\17523fad
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1712dcf5
[2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\16d8c1d7
[2011/06/04 14:50:53 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\57082fea
[2011/06/04 14:50:53 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\56013c97
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6dbbef18
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6d7e0a0a
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6d31c161
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6d1ff0f2
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6cd95c70
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6c93200e
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6be42349
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6a12276c
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\67246989
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\66ee3125
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\66a962ac
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\65123a85
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\645eae5c
[2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\634afe1d
[2011/06/04 14:06:16 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f781358f
[2011/06/04 14:06:16 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f73b6e18
[2011/06/04 14:06:05 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\3c9851a0
[2011/06/04 14:06:05 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\3c5a5d34
[2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\86f76c09
[2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\86b84df3
[2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\867ff3ed
[2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\85a9f337
[2011/06/04 14:05:28 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\68fff860
[2011/06/04 14:05:28 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\548d0a4b
[2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d1a2809e
[2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d16c0509
[2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d12d0b3a
[2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d0f73717
[2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d0cb5907
[2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d090c662
[2011/06/04 14:05:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\fe195657
[2011/06/04 14:05:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\fc47f03b
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\235586d3
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\230ea8ae
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\22aa875b
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\2265f016
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\222b0d16
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\20d750d1
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1ffbb758
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1fba4486
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\184f1f05
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\181048db
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\14f4c20a
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\14b83c36
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\10edb76d
[2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\10ac655b
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e73ceafb
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e70641fe
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e6c8672a
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e6923de9
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e68e8f55
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e65b4645
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e6213964
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e5ece075
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e5ab6d15
[2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e576506e
[2011/06/03 22:56:55 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f7a31539
[2011/06/03 22:56:55 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f768d546
[2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\8a74563c
[2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\88daec60
[2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\88768b7d
[2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\8839bbc4
[2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\87f9e35e
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\83516c0f
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\82a2a97d
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\82656ab6
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7ce906f7
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7cb042fb
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7c685de2
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7c229357
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7afcb0d3
[2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7ab6d18e
[2011/06/03 22:53:40 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b526e8da
[2011/06/03 22:53:40 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b4d489b6
[2011/06/03 22:53:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e20088f4
[2011/06/03 22:53:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e1cc8f54
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\bb86c08d
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\bb3e5de1
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\ba75ae2d
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b9c0a276
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b97cf64b
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b94787ff
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b905dbd3
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b8cf80df
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b8925bab
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b8614a16
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b82db1bc
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b7693bde
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b727fb0f
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6f3d89f
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6b906eb
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6acc96e
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b66cd381
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6620690
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b62cfe98
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b5b03db8
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b577c57e
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b4b12771
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b3ef3895
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b2f40a0e
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b2afd070
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b26b0ee9
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b1f0e831
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b1ae8be7
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b16f0006
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b0f01559
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b0ac3ac3
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b040121a
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\aff4bcb8
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\afb7fc11
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\af7c5acd
[2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\af387f86
[2011/06/03 22:52:42 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e71c49e
[2011/06/03 22:52:42 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e387614
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4b5d9678
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4b1b7020
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4aaefcec
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4a738d8e
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4a36a154
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4a1e86d2
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\47973dea
[2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\475d74d4
[2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\42e61641
[2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\42aa8779
[2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4266f261
[2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\42288861
[2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4109cbb3
[2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\40cc1d81
[2011/06/03 22:52:29 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\57b80ed6
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\635c136c
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\62340c0b
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\60526628
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5f96c0b8
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5f52018b
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5daec8f4
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5c9da2f0
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5c657d18
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\551125e4
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\540de659
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5316e9d1
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\52de7ee1
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4b3ddcbd
[2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4afd83f7
[2011/06/03 11:27:08 | 000,134,884 | ---- | C] () -- C:\Users\Nick\Desktop\3.jpg
[2011/06/03 11:24:20 | 000,136,299 | ---- | C] () -- C:\Users\Nick\Desktop\4.jpg
[2011/06/03 11:23:38 | 000,123,277 | ---- | C] () -- C:\Users\Nick\Desktop\2.jpg
[2011/06/03 11:23:18 | 000,121,157 | ---- | C] () -- C:\Users\Nick\Desktop\1.jpg
[2011/05/28 15:12:20 | 000,002,346 | -HS- | C] () -- C:\Users\Nick\AppData\Local\s5oi77fu3i7a068ut8fxi01q805v2232pm0
[2011/05/28 15:12:20 | 000,002,346 | -HS- | C] () -- C:\ProgramData\s5oi77fu3i7a068ut8fxi01q805v2232pm0
[2011/05/23 17:06:25 | 000,007,182 | -HS- | C] () -- C:\Users\Nick\AppData\Local\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
[2011/05/23 17:06:25 | 000,007,182 | -HS- | C] () -- C:\ProgramData\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
[2011/04/27 13:18:02 | 000,007,696 | -HS- | C] () -- C:\Users\Nick\AppData\Local\77d1j25v201j7yqbb66nke782g3568ox5y0336li67ufvio
[2011/04/27 13:18:02 | 000,007,696 | -HS- | C] () -- C:\ProgramData\77d1j25v201j7yqbb66nke782g3568ox5y0336li67ufvio
[2011/04/26 22:44:10 | 000,008,058 | -HS- | C] () -- C:\Users\Nick\AppData\Local\wpuynoj5jc2x8iv7oc1188o6
[2011/04/26 22:44:10 | 000,008,058 | -HS- | C] () -- C:\ProgramData\wpuynoj5jc2x8iv7oc1188o6
[2011/02/23 17:34:15 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/23 17:34:13 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/23 17:34:13 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/23 17:34:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/02/16 16:58:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/16 16:45:47 | 000,006,558 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6B32.809
[2010/12/03 21:06:47 | 000,000,913 | ---- | C] () -- C:\ProgramData\1728327683.dat
[2010/09/13 16:21:56 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/26 10:11:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/06/18 00:41:13 | 000,000,000 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\chrtmp
[2010/05/16 16:23:59 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/05/16 16:23:59 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/10/26 12:18:17 | 000,000,067 | ---- | C] () -- C:\Windows\Speed Video Splitter.INI
[2009/08/05 22:59:50 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2009/06/10 19:27:04 | 000,004,096 | ---- | C] () -- C:\Users\Nick\AppData\Local\keyfile3.drm
[2009/03/10 22:05:51 | 000,026,843 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\UserTile.png
[2009/03/02 22:30:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/25 11:22:45 | 000,007,944 | ---- | C] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
[2008/06/06 13:01:14 | 000,128,328 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2008/03/11 18:51:04 | 000,003,722 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\wklnhst.dat
[2008/03/10 20:25:36 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/03/10 20:25:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/03/10 20:25:36 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/03/10 20:25:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/03/10 20:25:36 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/03/10 20:25:36 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/03/10 20:25:36 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/03/10 20:25:36 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/03/10 20:25:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/03/10 20:25:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/03/10 20:25:36 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/03/10 20:25:36 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/03/10 20:25:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/03/10 20:25:36 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/03/10 20:25:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/03/10 20:25:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/10 20:20:20 | 000,000,044 | ---- | C] () -- C:\Windows\EPCX4400.ini
[2008/03/10 13:03:45 | 000,119,016 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\nvModes.001
[2008/03/09 15:15:33 | 000,119,016 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\nvModes.dat
[2008/03/08 19:30:11 | 000,217,088 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/08 15:36:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/19 02:07:06 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/19 02:02:38 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/05 21:51:03 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,363,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,621,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,104,868 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
-------------------------

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x894BA000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7626752 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65 )
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x81C00000 RAW 3805184 bytes
0x81C00000 WMIxWDM 3805184 bytes
0x91200000 Win32k 2093056 bytes
0x91200000 C:\Windows\System32\win32k.sys 2093056 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x84CF8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x8069D000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B46A000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x892FF000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1052672 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0x97D22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B67A000 C:\Windows\System32\drivers\tcpip.sys 856064 bytes (Microsoft Corporation, TCP/IP Driver)
0x88E16000 C:\Windows\system32\DRIVERS\athr.sys 757760 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8B74B000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x89262000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x95882000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x84C8E000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x968EA000 C:\Windows\system32\drivers\HTTP.sys 417792 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x88ECF000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0x96F57000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x8040D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B9B9000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8022A000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8947A000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B56D000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x88643000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8027A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B96B000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x96FC7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x80639000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x84C58000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81FA1000 ACPI_HAL 212992 bytes
0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x89E52000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8B61F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x807B1000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8B5D0000 C:\Windows\system32\drivers\CHDART.sys 196608 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x89233000 C:\Windows\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8B002000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89208000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80672000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x95857000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x89FD6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x94FDA000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8B5AB000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x84C33000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8047F000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x96FA3000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x89440000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x84C01000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B439000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x96842000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x807E2000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x96824000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x942C7000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x968CF000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x96876000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B400000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x88619000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8B914000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x89463000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8B609000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8B665000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0x96862000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8879C000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8B651000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8877C000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8941E000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x94C15000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8B9A6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88631000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x96812000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x84C22000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x807A1000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x85BBC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x94250000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80465000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x85AEC000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x85BCC000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x85631000 C:\Windows\system32\DRIVERS\amdk8.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x943D1000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8060B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8061A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x89431000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8860A000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x89402000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x8020A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x88F20000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x94610000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x88F3C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88F2E000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80457000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x85A88000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x89F13000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x89F06000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x89411000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8878F000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8026D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8AA52000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x85C01000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x88771000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x88766000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x88E00000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x88E0B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B88B000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8875B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x85C65000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80475000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x886C6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88694000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x886F8000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8869E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x886B2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8868A000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8AD8B000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x80602000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8AD70000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x88732000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x802BD000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8AD82000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94600000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8873B000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88744000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80221000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8ADAF000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x80405000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x802B5000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x85CA8000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x80219000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x85CD8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x85CE0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x80629000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x80631000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x94379000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x85D3D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x85D21000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x85D36000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80200000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x887CE000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0x85DE4000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9C1EC000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x97438000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80207000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x85C22000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce™ SMU Microcontroller Driver)
0x85A76000 C:\Windows\system32\DRIVERS\HpqRemHid.sys 8192 bytes (Hewlett-Packard Development Company, L.P., HP Remote Control HID Device)
0x85A7A000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x85A64000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#4 SweetTech

Posted 11 June 2011 - 11:50 AM

Hi!

No problem! It looks like we have some work to do. You still seem to be pretty infected. Let's get started.


Did you set these proxies?

FF - prefs.js..network.proxy.backup.ftp: "134.102.68.201"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "134.102.68.201"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "134.102.68.201"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "134.102.68.201"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "134.102.68.201"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "134.102.68.201"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56808
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "134.102.68.201"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "134.102.68.201"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0




OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the textbox.
    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\S-1-5-21-1575482397-4069540635-46351700-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKLM..\Run: [UnlockerAssistant] File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O33 - MountPoints2\{aa065f5b-85a3-11e0-a734-001b24fee676}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
    [2011/06/04 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
    [2011/06/05 11:08:40 | 000,000,160 | ---- | M] () -- C:\ProgramData\~23584528r
    [2011/06/05 11:08:40 | 000,000,136 | ---- | M] () -- C:\ProgramData\~23584528
    [2011/06/05 10:41:41 | 000,000,336 | ---- | M] () -- C:\ProgramData\23584528
    [2011/06/04 16:32:46 | 000,000,336 | ---- | M] () -- C:\ProgramData\23518992
    [2011/06/04 14:51:13 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\37a07520
    [2011/06/04 14:51:13 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\3766a217
    [2011/06/04 14:51:10 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7180b865
    [2011/06/04 14:51:10 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7144d3a2
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\1b5773a7
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\198d87c7
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\18ffe28f
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\18bd6cc5
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\186ea2de
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\17523fad
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\1712dcf5
    [2011/06/04 14:51:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\16d8c1d7
    [2011/06/04 14:50:53 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\57082fea
    [2011/06/04 14:50:53 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\56013c97
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6dbbef18
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6d7e0a0a
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6d31c161
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6d1ff0f2
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6cd95c70
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6c93200e
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6be42349
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\6a12276c
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\67246989
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\66ee3125
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\66a962ac
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\65123a85
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\645eae5c
    [2011/06/04 14:50:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\634afe1d
    [2011/06/04 14:06:16 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\f781358f
    [2011/06/04 14:06:16 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\f73b6e18
    [2011/06/04 14:06:05 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\3c9851a0
    [2011/06/04 14:06:05 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\3c5a5d34
    [2011/06/04 14:05:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\86f76c09
    [2011/06/04 14:05:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\86b84df3
    [2011/06/04 14:05:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\867ff3ed
    [2011/06/04 14:05:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\85a9f337
    [2011/06/04 14:05:28 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\68fff860
    [2011/06/04 14:05:28 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\548d0a4b
    [2011/06/04 14:05:26 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\d1a2809e
    [2011/06/04 14:05:26 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\d16c0509
    [2011/06/04 14:05:26 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\d12d0b3a
    [2011/06/04 14:05:26 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\d0f73717
    [2011/06/04 14:05:26 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\d0cb5907
    [2011/06/04 14:05:26 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\d090c662
    [2011/06/04 14:05:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\fe195657
    [2011/06/04 14:05:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\fc47f03b
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\235586d3
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\230ea8ae
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\22aa875b
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\2265f016
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\222b0d16
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\20d750d1
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\1ffbb758
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\1fba4486
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\184f1f05
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\181048db
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\14f4c20a
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\14b83c36
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\10edb76d
    [2011/06/04 14:05:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\10ac655b
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e73ceafb
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e70641fe
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e6c8672a
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e6923de9
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e68e8f55
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e65b4645
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e6213964
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e5ece075
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e5ab6d15
    [2011/06/03 22:57:08 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e576506e
    [2011/06/03 22:56:55 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\f7a31539
    [2011/06/03 22:56:55 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\f768d546
    [2011/06/03 22:56:50 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\8a74563c
    [2011/06/03 22:56:50 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\88daec60
    [2011/06/03 22:56:50 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\88768b7d
    [2011/06/03 22:56:50 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\8839bbc4
    [2011/06/03 22:56:50 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\87f9e35e
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\83516c0f
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\82a2a97d
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\82656ab6
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7ce906f7
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7cb042fb
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7c685de2
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7c229357
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7afcb0d3
    [2011/06/03 22:56:49 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\7ab6d18e
    [2011/06/03 22:53:40 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b526e8da
    [2011/06/03 22:53:40 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b4d489b6
    [2011/06/03 22:53:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e20088f4
    [2011/06/03 22:53:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e1cc8f54
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\bb86c08d
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\bb3e5de1
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\ba75ae2d
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b9c0a276
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b97cf64b
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b94787ff
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b905dbd3
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b8cf80df
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b8925bab
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b8614a16
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b82db1bc
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b7693bde
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b727fb0f
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b6f3d89f
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b6b906eb
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b6acc96e
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b66cd381
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b6620690
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b62cfe98
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b5b03db8
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b577c57e
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b4b12771
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b3ef3895
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b2f40a0e
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b2afd070
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b26b0ee9
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b1f0e831
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b1ae8be7
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b16f0006
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b0f01559
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b0ac3ac3
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\b040121a
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\aff4bcb8
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\afb7fc11
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\af7c5acd
    [2011/06/03 22:53:12 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\af387f86
    [2011/06/03 22:52:42 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e71c49e
    [2011/06/03 22:52:42 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\e387614
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4b5d9678
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4b1b7020
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4aaefcec
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4a738d8e
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4a36a154
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4a1e86d2
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\47973dea
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\475d74d4
    [2011/06/03 22:52:36 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\42e61641
    [2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\42aa8779
    [2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4266f261
    [2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\42288861
    [2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4109cbb3
    [2011/06/03 22:52:35 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\40cc1d81
    [2011/06/03 22:52:29 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\57b80ed6
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\635c136c
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\62340c0b
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\60526628
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5f96c0b8
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5f52018b
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5daec8f4
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5c9da2f0
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5c657d18
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\551125e4
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\540de659
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\5316e9d1
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\52de7ee1
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4b3ddcbd
    [2011/06/03 22:52:02 | 000,004,634 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\4afd83f7
    [2011/05/28 15:33:43 | 000,002,346 | -HS- | M] () -- C:\Users\Nick\AppData\Local\s5oi77fu3i7a068ut8fxi01q805v2232pm0
    [2011/05/28 15:33:43 | 000,002,346 | -HS- | M] () -- C:\ProgramData\s5oi77fu3i7a068ut8fxi01q805v2232pm0
    [2011/05/23 17:09:02 | 000,007,182 | -HS- | M] () -- C:\ProgramData\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
    [2011/05/23 17:09:01 | 000,007,182 | -HS- | M] () -- C:\Users\Nick\AppData\Local\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
    [2011/06/05 11:08:40 | 000,000,160 | ---- | C] () -- C:\ProgramData\~23584528r
    [2011/06/05 11:08:39 | 000,000,136 | ---- | C] () -- C:\ProgramData\~23584528
    [2011/06/05 10:41:41 | 000,000,336 | ---- | C] () -- C:\ProgramData\23584528
    [2011/06/04 16:32:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\23518992
    [2011/06/04 14:51:13 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\37a07520
    [2011/06/04 14:51:13 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\3766a217
    [2011/06/04 14:51:10 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7180b865
    [2011/06/04 14:51:10 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7144d3a2
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1b5773a7
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\198d87c7
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\18ffe28f
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\18bd6cc5
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\186ea2de
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\17523fad
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1712dcf5
    [2011/06/04 14:51:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\16d8c1d7
    [2011/06/04 14:50:53 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\57082fea
    [2011/06/04 14:50:53 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\56013c97
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6dbbef18
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6d7e0a0a
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6d31c161
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6d1ff0f2
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6cd95c70
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6c93200e
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6be42349
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6a12276c
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\67246989
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\66ee3125
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\66a962ac
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\65123a85
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\645eae5c
    [2011/06/04 14:50:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\634afe1d
    [2011/06/04 14:06:16 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f781358f
    [2011/06/04 14:06:16 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f73b6e18
    [2011/06/04 14:06:05 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\3c9851a0
    [2011/06/04 14:06:05 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\3c5a5d34
    [2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\86f76c09
    [2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\86b84df3
    [2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\867ff3ed
    [2011/06/04 14:05:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\85a9f337
    [2011/06/04 14:05:28 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\68fff860
    [2011/06/04 14:05:28 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\548d0a4b
    [2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d1a2809e
    [2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d16c0509
    [2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d12d0b3a
    [2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d0f73717
    [2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d0cb5907
    [2011/06/04 14:05:26 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\d090c662
    [2011/06/04 14:05:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\fe195657
    [2011/06/04 14:05:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\fc47f03b
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\235586d3
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\230ea8ae
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\22aa875b
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\2265f016
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\222b0d16
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\20d750d1
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1ffbb758
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\1fba4486
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\184f1f05
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\181048db
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\14f4c20a
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\14b83c36
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\10edb76d
    [2011/06/04 14:05:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\10ac655b
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e73ceafb
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e70641fe
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e6c8672a
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e6923de9
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e68e8f55
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e65b4645
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e6213964
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e5ece075
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e5ab6d15
    [2011/06/03 22:57:08 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e576506e
    [2011/06/03 22:56:55 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f7a31539
    [2011/06/03 22:56:55 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\f768d546
    [2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\8a74563c
    [2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\88daec60
    [2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\88768b7d
    [2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\8839bbc4
    [2011/06/03 22:56:50 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\87f9e35e
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\83516c0f
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\82a2a97d
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\82656ab6
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7ce906f7
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7cb042fb
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7c685de2
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7c229357
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7afcb0d3
    [2011/06/03 22:56:49 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\7ab6d18e
    [2011/06/03 22:53:40 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b526e8da
    [2011/06/03 22:53:40 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b4d489b6
    [2011/06/03 22:53:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e20088f4
    [2011/06/03 22:53:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e1cc8f54
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\bb86c08d
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\bb3e5de1
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\ba75ae2d
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b9c0a276
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b97cf64b
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b94787ff
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b905dbd3
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b8cf80df
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b8925bab
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b8614a16
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b82db1bc
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b7693bde
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b727fb0f
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6f3d89f
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6b906eb
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6acc96e
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b66cd381
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b6620690
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b62cfe98
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b5b03db8
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b577c57e
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b4b12771
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b3ef3895
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b2f40a0e
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b2afd070
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b26b0ee9
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b1f0e831
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b1ae8be7
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b16f0006
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b0f01559
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b0ac3ac3
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\b040121a
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\aff4bcb8
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\afb7fc11
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\af7c5acd
    [2011/06/03 22:53:12 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\af387f86
    [2011/06/03 22:52:42 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e71c49e
    [2011/06/03 22:52:42 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\e387614
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4b5d9678
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4b1b7020
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4aaefcec
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4a738d8e
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4a36a154
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4a1e86d2
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\47973dea
    [2011/06/03 22:52:36 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\475d74d4
    [2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\42e61641
    [2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\42aa8779
    [2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4266f261
    [2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\42288861
    [2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4109cbb3
    [2011/06/03 22:52:35 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\40cc1d81
    [2011/06/03 22:52:29 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\57b80ed6
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\635c136c
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\62340c0b
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\60526628
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5f96c0b8
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5f52018b
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5daec8f4
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5c9da2f0
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5c657d18
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\551125e4
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\540de659
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\5316e9d1
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\52de7ee1
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4b3ddcbd
    [2011/06/03 22:52:02 | 000,004,634 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\4afd83f7
    [2011/05/28 15:12:20 | 000,002,346 | -HS- | C] () -- C:\Users\Nick\AppData\Local\s5oi77fu3i7a068ut8fxi01q805v2232pm0
    [2011/05/28 15:12:20 | 000,002,346 | -HS- | C] () -- C:\ProgramData\s5oi77fu3i7a068ut8fxi01q805v2232pm0
    [2011/05/23 17:06:25 | 000,007,182 | -HS- | C] () -- C:\Users\Nick\AppData\Local\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
    [2011/05/23 17:06:25 | 000,007,182 | -HS- | C] () -- C:\ProgramData\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2
    [2011/04/27 13:18:02 | 000,007,696 | -HS- | C] () -- C:\Users\Nick\AppData\Local\77d1j25v201j7yqbb66nke782g3568ox5y0336li67ufvio
    [2011/04/27 13:18:02 | 000,007,696 | -HS- | C] () -- C:\ProgramData\77d1j25v201j7yqbb66nke782g3568ox5y0336li67ufvio
    [2011/04/26 22:44:10 | 000,008,058 | -HS- | C] () -- C:\Users\Nick\AppData\Local\wpuynoj5jc2x8iv7oc1188o6
    [2011/04/26 22:44:10 | 000,008,058 | -HS- | C] () -- C:\ProgramData\wpuynoj5jc2x8iv7oc1188o6
    [2011/02/16 16:45:47 | 000,006,558 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\6B32.809
    [2010/12/03 21:06:47 | 000,000,913 | ---- | C] () -- C:\ProgramData\1728327683.dat
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#5 Franchise

Posted 11 June 2011 - 03:09 PM

To answer your question, I have not touched any of the proxy settings.

New OTL Log:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Service NMSAccess stopped successfully!
Service NMSAccess deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UnlockerAssistant deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa065f5b-85a3-11e0-a734-001b24fee676}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa065f5b-85a3-11e0-a734-001b24fee676}\ not found.
File F:\RunClubSanDisk.exe not found.
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery folder moved successfully.
C:\ProgramData\~23584528r moved successfully.
C:\ProgramData\~23584528 moved successfully.
C:\ProgramData\23584528 moved successfully.
C:\ProgramData\23518992 moved successfully.
C:\Users\Nick\AppData\Roaming\5f96c0b8 moved successfully.
C:\Users\Nick\AppData\Roaming\5f52018b moved successfully.
C:\Users\Nick\AppData\Roaming\5daec8f4 moved successfully.
C:\Users\Nick\AppData\Roaming\5c9da2f0 moved successfully.
C:\Users\Nick\AppData\Roaming\5c657d18 moved successfully.
C:\Users\Nick\AppData\Roaming\551125e4 moved successfully.
C:\Users\Nick\AppData\Roaming\540de659 moved successfully.
C:\Users\Nick\AppData\Roaming\5316e9d1 moved successfully.
C:\Users\Nick\AppData\Roaming\52de7ee1 moved successfully.
C:\Users\Nick\AppData\Roaming\4b3ddcbd moved successfully.
C:\Users\Nick\AppData\Roaming\4afd83f7 moved successfully.
C:\Users\Nick\AppData\Local\s5oi77fu3i7a068ut8fxi01q805v2232pm0 moved successfully.
C:\ProgramData\s5oi77fu3i7a068ut8fxi01q805v2232pm0 moved successfully.
C:\ProgramData\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2 moved successfully.
C:\Users\Nick\AppData\Local\p80yr1q6khf8744k787c8p2da1mtj26a0v25m83be2 moved successfully.
C:\Users\Nick\AppData\Local\77d1j25v201j7yqbb66nke782g3568ox5y0336li67ufvio moved successfully.
C:\ProgramData\77d1j25v201j7yqbb66nke782g3568ox5y0336li67ufvio moved successfully.
C:\Users\Nick\AppData\Local\wpuynoj5jc2x8iv7oc1188o6 moved successfully.
C:\ProgramData\wpuynoj5jc2x8iv7oc1188o6 moved successfully.
C:\Users\Nick\AppData\Roaming\6B32.809 moved successfully.
C:\ProgramData\1728327683.dat moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Desktop\cmd.bat deleted successfully.
C:\Users\Nick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.23.0 log created on 06112011_123349
------------------------------------------


ComboFix Log Attached below




ComboFix 11-06-11.01 - Nick 06/11/2011 12:40:13.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.445 [GMT -7:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\users\Nick\AppData\Roaming\chrtmp
c:\users\Nick\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Templates\s5oi77fu3i7a068ut8fxi01q805v2232pm0
c:\windows\system32\drivers\sstF327.sys
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_sstF327
-------\Service_sstF327
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 19:48 . 2011-06-11 19:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-11 19:48 . 2011-06-11 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 19:33 . 2011-06-11 19:33 -------- d-----w- C:\_OTL
2011-06-08 08:48 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE66BA38-FB99-4DFC-96AC-36BCAB4FBDA3}\mpengine.dll
2011-06-08 05:21 . 2011-06-08 05:21 -------- d-----w- c:\program files\Boilsoft Video Splitter
2011-06-06 05:48 . 2011-06-06 05:48 -------- d-----w- c:\users\Nick\AppData\Local\Apps
2011-06-05 23:21 . 2011-06-05 23:21 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-06-05 23:19 . 2011-06-05 23:19 -------- d-----w- c:\windows\PCHEALTH
2011-06-05 23:19 . 2011-06-05 23:19 -------- d-----w- c:\program files\Microsoft.NET
2011-06-05 17:54 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 17:54 . 2011-06-05 23:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 17:54 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 00:58 . 2011-06-05 01:38 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-05 00:19 . 2011-06-05 00:19 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-05 00:19 . 2011-06-05 00:19 -------- d-----w- c:\programdata\Hitman Pro
2011-06-04 05:51 . 2011-06-08 05:21 -------- d-----w- c:\users\Nick\AppData\Roaming\Boilsoft
2011-06-04 05:51 . 2011-06-04 05:51 -------- d-----w- c:\program files\Boilsoft Video Joiner
2011-05-17 20:05 . 2011-05-17 20:05 -------- d-----w- c:\users\Nick\AppData\Roaming\KYL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 19:44 . 2006-11-02 08:52 208488 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-04-27 17:33 . 2011-04-27 17:33 3263 ----a-w- C:\defenderfix.reg
2011-04-19 22:39 . 2011-04-19 22:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 16:26 . 2011-05-11 16:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-06 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 01:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1575482397-4069540635-46351700-1000]
"EnableNotificationsRef"=dword:00000002
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tmq.bingstart.com/?cfg=2-168-0-1j0Qn
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpph4uqr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - 134.102.68.201
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 134.102.68.201
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56808
FF - prefs.js: network.proxy.socks - 134.102.68.201
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 134.102.68.201
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{C0E5BCBB-8E53-3D0A-66C8-ACA26AA4D6CD} - (no file)
SafeBoot-57381039.sys
SafeBoot-klmdb.sys
AddRemove-Hauppauge MCE2005 Software Encoder - c:\progra~1\WinTV\UNSftMCE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 12:51
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58ACD817-9F55-D85A-8E55-A0F02D05B94D}*]
"iaejjgbecfphojpieb"=hex:69,61,6e,64,69,66,64,70,6d,62,6e,64,68,6b,68,63,6e,70,
00,dc
"hakndccijjmibfej"=hex:69,61,6e,64,69,66,64,70,6d,62,6e,64,68,6b,68,63,6e,70,
00,dc
.
[HKEY_USERS\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F389E2DC-B221-A4C9-114B-645074D5CD8B}*]
"iagmfmhbndmhgpmjnj"=hex:69,61,66,62,68,61,64,68,68,6c,6b,68,62,68,66,6a,68,69,
00,dc
"haalplipgpiobeed"=hex:69,61,66,62,68,61,64,68,68,6c,6b,68,62,68,66,6a,68,69,
00,dc
.
[HKEY_USERS\S-1-5-21-1575482397-4069540635-46351700-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5D23971-55DE-2740-B012-75846A6BDB6A}*]
"oacjhckfbenhcagjcaandcjoepbdhe"=hex:69,61,69,68,6f,6b,6b,68,67,6b,6e,65,6a,6b,
65,67,69,6b,00,00
"namjfdpkamcmhlafbjmcaaehppck"=hex:69,61,69,68,6f,6b,6b,68,67,6b,6e,65,6a,6b,
65,67,69,6b,00,00
"oaojhedoaiggfpgmolamlhlkbgjpml"=hex:64,61,6f,68,68,63,6e,70,00,00
"oacjhckfbenhcagjcaandcjobpedgh"=hex:6a,61,6e,68,6a,63,6f,70,6d,62,62,63,64,68,
68,6d,66,69,66,62,00,00
"namjfdpkamcmhlafbjmcaafhopff"=hex:6a,61,6e,68,6a,63,6f,70,6d,62,62,63,64,68,
68,6d,66,69,66,62,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-06-11 12:56:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 19:56
.
Pre-Run: 2,575,532,032 bytes free
Post-Run: 3,823,394,816 bytes free
.
- - End Of File - - 4494065DDC3D49E7F18C4DD73CA7250A



Edited by SweetTech, 11 June 2011 - 03:20 PM.
expanded CF log.--ST


#6 SweetTech

Posted 11 June 2011 - 03:22 PM

Hi!

Okay. I'll remove those proxy entries then.

Please be sure to let me know of what issues you are experiencing in your next post.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    FF - prefs.js..network.proxy.backup.ftp: "134.102.68.201" 
    FF - prefs.js..network.proxy.backup.ftp_port: 3128 
    FF - prefs.js..network.proxy.backup.gopher: "134.102.68.201" 
    FF - prefs.js..network.proxy.backup.gopher_port: 3128 
    FF - prefs.js..network.proxy.backup.socks: "134.102.68.201" 
    FF - prefs.js..network.proxy.backup.socks_port: 3128 
    FF - prefs.js..network.proxy.backup.ssl: "134.102.68.201" 
    FF - prefs.js..network.proxy.backup.ssl_port: 3128 
    FF - prefs.js..network.proxy.ftp: "134.102.68.201" 
    FF - prefs.js..network.proxy.ftp_port: 3128 
    FF - prefs.js..network.proxy.gopher: "134.102.68.201" 
    FF - prefs.js..network.proxy.gopher_port: 3128 
    FF - prefs.js..network.proxy.http: "127.0.0.1" 
    FF - prefs.js..network.proxy.http_port: 56808 
    FF - prefs.js..network.proxy.share_proxy_settings: true 
    FF - prefs.js..network.proxy.socks: "134.102.68.201" 
    FF - prefs.js..network.proxy.socks_port: 3128 
    FF - prefs.js..network.proxy.ssl: "134.102.68.201" 
    FF - prefs.js..network.proxy.ssl_port: 3128 
    FF - prefs.js..network.proxy.type: 0 
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
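
The OTL fix in the post above removes each network.proxy.* value from prefs.js; since network.proxy.type is 0 (direct connection), those hosts were stored in the profile but not in use. The following is an added example, not part of the thread or of OTL, that audits a prefs.js for leftover proxy settings and reports whether they are active; the sample file is constructed from the values in the logs, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in prefs.js syntax, using the proxy values shown in the logs.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.page", 1);
user_pref("network.proxy.backup.ssl", "134.102.68.201");
user_pref("network.proxy.backup.ssl_port", 3128);
user_pref("network.proxy.ftp", "134.102.68.201");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 56808);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "134.102.68.201");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "134.102.68.201");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 0);
"""

# One user_pref("name", value); statement per line.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
# Host prefs for each protocol, including the network.proxy.backup.* copies.
ENDPOINT_PREF = re.compile(
    r'^network\.proxy\.(?:backup\.)?(?:http|ssl|ftp|socks|gopher)$')
# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {0: "direct, no proxy", 1: "manual", 2: "PAC URL",
               4: "auto-detect", 5: "system settings"}


def parse_prefs(text):
    """Return {pref name: value} with strings, booleans and integers decoded."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments and anything that is not a user_pref line
        name, raw = match.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep unrecognised values verbatim
    return prefs


def is_loopback(host):
    """True for localhost and loopback IP literals, False for anything else."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def audit_proxy(prefs):
    """Summarise stored proxy endpoints and whether Firefox would use them."""
    mode = prefs.get("network.proxy.type")  # None when the pref is not set
    endpoints = []
    for name in sorted(prefs):
        host = prefs[name]
        if not ENDPOINT_PREF.match(name) or not isinstance(host, str) or not host:
            continue
        endpoints.append(
            (name, host, prefs.get(name + "_port"), is_loopback(host)))
    return {
        "mode": mode,
        "mode_name": PROXY_TYPES.get(mode, "unset or unknown"),
        # Stored hosts only carry traffic when the mode is "manual" (1).
        "in_use": mode == 1 and bool(endpoints),
        "endpoints": endpoints,
        "remote_hosts": sorted({h for _, h, _, lb in endpoints if not lb}),
    }


if __name__ == "__main__":
    report = audit_proxy(parse_prefs(SAMPLE_PREFS_JS))
    print("proxy mode:", report["mode"], "(" + report["mode_name"] + ")")
    print("stored endpoints in use:", report["in_use"])
    for name, host, port, loopback in report["endpoints"]:
        kind = "loopback" if loopback else "remote"
        print("  %-28s %s:%s [%s]" % (name, host, port, kind))
```

Run it against a copy of the profile's prefs.js while Firefox is closed, since Firefox rewrites that file when it exits.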


#7 Franchise

Posted 11 June 2011 - 05:16 PM

My computer seems to be running without any issues.

OTL

========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "134.102.68.201" removed from network.proxy.backup.ftp
Prefs.js: 3128 removed from network.proxy.backup.ftp_port
Prefs.js: "134.102.68.201" removed from network.proxy.backup.gopher
Prefs.js: 3128 removed from network.proxy.backup.gopher_port
Prefs.js: "134.102.68.201" removed from network.proxy.backup.socks
Prefs.js: 3128 removed from network.proxy.backup.socks_port
Prefs.js: "134.102.68.201" removed from network.proxy.backup.ssl
Prefs.js: 3128 removed from network.proxy.backup.ssl_port
Prefs.js: "134.102.68.201" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "134.102.68.201" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56808 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "134.102.68.201" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "134.102.68.201" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Desktop\cmd.bat deleted successfully.
C:\Users\Nick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.23.0 log created on 06112011_132731

---------------------

MBAM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6837

Windows 6.0.6000
Internet Explorer 7.0.6000.16609

6/11/2011 1:33:09 PM
mbam-log-2011-06-11 (13-33-09).txt

Scan type: Quick scan
Objects scanned: 150103
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------

ESET

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\D\Autorun.inf.vir INF/Autorun.gen trojan
C:\Qoobox\Quarantine\D\av3.zip INF/Autorun.gen trojan
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\990a542-3c2dd235 multiple threats
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\465c2a43-3c6e37f9 multiple threats
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-630cd766 multiple threats
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\778d5c2d-6e903eff Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\70c16ac6-2999710e Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\59af077c-73f33170 multiple threats
D:\0ca626e62b7657d0e81d038cfc\DW20.EXE Win32/Sality.NBA virus
D:\HP\RECOVERY\RestoreWiz.exe Win32/Sality.NBA virus

-------------------

SecurityCheck

Results of screen317's Security Check version 0.99.13
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 24
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.152.26
Adobe Reader 9.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

#8 SweetTech


Posted 11 June 2011 - 05:19 PM

Do the following:

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: D:\HP\RECOVERY\RestoreWiz.exe
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please repeat the above process for the following file below:

D:\0ca626e62b7657d0e81d038cfc\DW20.EXE

Please post the results in your next reply



#9 Franchise


Posted 11 June 2011 - 09:40 PM

D:\HP\RECOVERY\RestoreWiz.exe

Antivirus results
AhnLab-V3 - 2011.06.12.00 - 2011.06.11 - Win32/Kashu.E
AntiVir - 7.11.9.159 - 2011.06.11 - W32/Sality.AT
Antiy-AVL - 2.0.3.7 - 2011.06.11 - -
Avast - 4.8.1351.0 - 2011.06.11 - Win32:Sality
Avast5 - 5.0.677.0 - 2011.06.11 - Win32:Sality
AVG - 10.0.0.1190 - 2011.06.11 - Win32/Sality
BitDefender - 7.2 - 2011.06.12 - Win32.Sality.3
CAT-QuickHeal - 11.00 - 2011.06.11 - W32.Sality.U
ClamAV - 0.97.0.0 - 2011.06.12 - -
Commtouch - 5.3.2.6 - 2011.06.11 - W32/Sality.gen2
Comodo - 9034 - 2011.06.12 - Virus.Win32.Sality.Gen
DrWeb - 5.0.2.03300 - 2011.06.12 - Win32.Sector.22
eSafe - 7.0.17.0 - 2011.06.09 - -
eTrust-Vet - 36.1.8380 - 2011.06.10 - Win32/Sality.AA
F-Prot - 4.6.2.117 - 2011.06.11 - W32/Sality.gen2
F-Secure - 9.0.16440.0 - 2011.06.12 - Win32.Sality.3
Fortinet - 4.2.257.0 - 2011.06.11 - -
GData - 22 - 2011.06.12 - Win32.Sality.3
Ikarus - T3.1.1.104.0 - 2011.06.11 - Virus.Win32.Sality
Jiangmin - 13.0.900 - 2011.06.11 - Win32/HLLP.Kuku.Gen
K7AntiVirus - 9.106.4798 - 2011.06.10 - Virus
Kaspersky - 9.0.0.837 - 2011.06.12 - Virus.Win32.Sality.bh
McAfee - 5.400.0.1158 - 2011.06.12 - W32/Sality.gen.z
McAfee-GW-Edition - 2010.1D - 2011.06.12 - W32/Sality.gen.z
Microsoft - 1.6903 - 2011.06.11 - Virus:Win32/Sality.AT
NOD32 - 6199 - 2011.06.12 - Win32/Sality.NBA
Norman - 6.07.10 - 2011.06.10 - W32/Sality.BD
nProtect - 2011-06-11.01 - 2011.06.11 - Win32.Sality.3
Panda - 10.0.3.5 - 2011.06.11 - W32/Sality.AA
PCTools - 7.0.3.5 - 2011.06.10 - Malware.Sality
Prevx - 3.0 - 2011.06.12 - -
Rising - 23.61.04.07 - 2011.06.10 - Win32.KUKU.ky
Sophos - 4.66.0 - 2011.06.11 - Mal/Sality-D
SUPERAntiSpyware - 4.40.0.1006 - 2011.06.11 - -
Symantec - 20111.1.0.186 - 2011.06.12 - W32.Sality.AE
TheHacker - 6.7.0.1.228 - 2011.06.11 - W32/Sality.gen
TrendMicro - 9.200.0.1012 - 2011.06.11 - PE_SALITY.RL
TrendMicro-HouseCall - 9.200.0.1012 - 2011.06.12 - PE_SALITY.RL
VBA32 - 3.12.16.1 - 2011.06.10 - Virus.Win32.Sality.bakc
VIPRE - 9557 - 2011.06.12 - Virus.Win32.Sality.at (v)
ViRobot - 2011.6.11.4507 - 2011.06.11 - Win32.Sality.N
VirusBuster - 14.0.76.0 - 2011.06.11 - Win32.Sality.BL
File info:
MD5: 33f0c65644bc3161bd3738a803b4b3d8
SHA1: 37380063c40a1158d6b895a3269ab1b36f06720c
SHA256: c3f3521a5fe556aceca50368ef956877e7a6c1597728a89e2be233260c2a34c0
File size: 2579592 bytes
Scan date: 2011-06-12 02:33:32 (UTC)

----------------------------------------------------

D:\0ca626e62b7657d0e81d038cfc\DW20.EXE


Antivirus results
AhnLab-V3 - 2011.06.12.00 - 2011.06.11 - Win32/Kashu.E
AntiVir - 7.11.9.159 - 2011.06.11 - W32/Sality.AT
Antiy-AVL - 2.0.3.7 - 2011.06.11 - -
Avast - 4.8.1351.0 - 2011.06.11 - Win32:Sality
Avast5 - 5.0.677.0 - 2011.06.11 - Win32:Sality
AVG - 10.0.0.1190 - 2011.06.11 - Win32/Sality
BitDefender - 7.2 - 2011.06.12 - Win32.Sality.3
CAT-QuickHeal - 11.00 - 2011.06.11 - W32.Sality.U
ClamAV - 0.97.0.0 - 2011.06.12 - -
Commtouch - 5.3.2.6 - 2011.06.11 - W32/Sality.gen2
Comodo - 9034 - 2011.06.12 - Virus.Win32.Sality.Gen
DrWeb - 5.0.2.03300 - 2011.06.12 - Win32.Sector.22
eSafe - 7.0.17.0 - 2011.06.09 - -
eTrust-Vet - 36.1.8380 - 2011.06.10 - Win32/Sality.AA
F-Prot - 4.6.2.117 - 2011.06.11 - W32/Sality.gen2
F-Secure - 9.0.16440.0 - 2011.06.12 - Win32.Sality.3
Fortinet - 4.2.257.0 - 2011.06.11 - -
GData - 22 - 2011.06.12 - Win32.Sality.3
Ikarus - T3.1.1.104.0 - 2011.06.11 - Virus.Win32.Sality
Jiangmin - 13.0.900 - 2011.06.11 - Win32/HLLP.Kuku.Gen
K7AntiVirus - 9.106.4798 - 2011.06.10 - Virus
Kaspersky - 9.0.0.837 - 2011.06.12 - Virus.Win32.Sality.bh
McAfee - 5.400.0.1158 - 2011.06.12 - W32/Sality.gen.z
McAfee-GW-Edition - 2010.1D - 2011.06.12 - W32/Sality.gen.z
Microsoft - 1.6903 - 2011.06.11 - Virus:Win32/Sality.AT
NOD32 - 6199 - 2011.06.12 - Win32/Sality.NBA
Norman - 6.07.10 - 2011.06.10 - W32/Sality.BM
nProtect - 2011-06-11.01 - 2011.06.11 - Win32.Sality.3
Panda - 10.0.3.5 - 2011.06.11 - W32/Sality.AA
PCTools - 7.0.3.5 - 2011.06.10 - Malware.Sality
Prevx - 3.0 - 2011.06.12 - -
Rising - 23.61.04.07 - 2011.06.10 - Win32.KUKU.ky
Sophos - 4.66.0 - 2011.06.11 - Mal/Sality-D
SUPERAntiSpyware - 4.40.0.1006 - 2011.06.11 - -
Symantec - 20111.1.0.186 - 2011.06.12 - W32.Sality.AE
TheHacker - 6.7.0.1.228 - 2011.06.11 - W32/Sality.gen
TrendMicro - 9.200.0.1012 - 2011.06.11 - PE_SALITY.RL
TrendMicro-HouseCall - 9.200.0.1012 - 2011.06.12 - PE_SALITY.RL
VBA32 - 3.12.16.1 - 2011.06.10 - Virus.Win32.Sality.bakc
VIPRE - 9557 - 2011.06.12 - Virus.Win32.Sality.at (v)
ViRobot - 2011.6.11.4507 - 2011.06.11 - Win32.Sality.N
VirusBuster - 14.0.76.0 - 2011.06.11 - Win32.Sality.BL
File info:
MD5: 9da2b3b6500a74eb269f66fb00708522
SHA1: cd3cfa95e274ade2fd1f2712700110ad87a45734
SHA256: e67e1b2da341b338d483e1f62ca81afd801186f734eda476ceacef546f00cd68
File size: 711672 bytes
Scan date: 2011-06-12 02:37:10 (UTC)

#10 SweetTech


Posted 13 June 2011 - 09:51 AM

Hi!

I don't want you to think that I left you hanging here.

There are two threats from your ESET log that have me worried.

These are the two threats:

D:\0ca626e62b7657d0e81d038cfc\DW20.EXE Win32/Sality.NBA virus
D:\HP\RECOVERY\RestoreWiz.exe Win32/Sality.NBA virus


Sality is a very dangerous infection and the only solution is to perform a reformat and re-install.

I'm currently waiting to hear back from my colleagues on this to see what the best course of action to take in this situation is.

I hope to have something for you soon.

Please respond to this thread, so that it gets bumped back up in my queue.



#11 Franchise


Posted 13 June 2011 - 11:14 AM

Thank you for the response. It's odd that I have this infection because my system seems to be running without any issues. What does this virus do exactly?

I really hope I don't need to do a reformat and reinstall. Looking forward to hearing from you.

EDIT - I came across this on a quick Google search - http://www.softpedia.com/get/Antivirus/Win32-Sality-Remover.shtml

Couldn't I download this program to remove the specific file? Or if I did another ESET scan and this time checked the "Remove found threats" option, wouldn't that remove Sality?

Let me know as I really don't want to go through a reinstall. Thanks.

Edited by Franchise, 13 June 2011 - 11:18 AM.


#12 SweetTech


Posted 13 June 2011 - 01:10 PM

Hi!

Thank you for the response. It's odd that I have this infection because my system seems to be running without any issues. What does this virus do exactly?

This is usually what I provide to my users who are infected with Sality:

Please see ThreatExpert's awareness of Win32.Sality.

The Sality family is a family of polymorphic file infectors that infect .exe and .scr files, download more malicious files to your computer, steal sensitive system information/passwords and send it back to the attacker.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

As with many other malware, Sality disables anti-virus software and prevents access to certain anti-virus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.

About Sality Virus

If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach.

Sality/Win32.Sector is not effectively disinfectable. Your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:


---------

The thing that worries me is that the Sality infection seems to be on your D:\ drive which appears to be the Recovery Partition. I hope to have some news for you shortly, on what our next course of action will be. I hope to hear back from my colleague later on this evening.

Edited by SweetTech, 13 June 2011 - 01:14 PM.

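The autorun spreading described in post #12 (an autorun.inf at the drive root that loads a dropped .cmd, .pif or .exe) can be checked for directly. The following is an added example, not part of the original thread or any tool used in it; the function names, the sample autorun.inf and the sample root listing are constructed for illustration.

```python
import ntpath
import re

# Extensions the post names for the dropped files (.cmd, .pif, .exe);
# .scr is the other file type the post says the family infects.
SUSPECT_EXTS = {".cmd", ".pif", ".exe", ".scr"}

# autorun.inf keys that make Windows run a program when the drive is opened.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section.

    Deliberately tolerant: junk lines and comments, which can break strict
    INI parsers, are skipped instead of raising an error.
    """
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def command_target(value):
    """Extract the program name from a command value, dropping arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def audit_drive_root(autorun_text, root_files):
    """Flag autorun commands that launch a suspect file type.

    root_files: names present in the drive root (os.listdir output on a
    real system), used to report whether the referenced file is there.
    """
    present = {name.lower() for name in root_files}
    findings = []
    for key, value in parse_autorun(autorun_text):
        if not COMMAND_KEY.match(key):
            continue
        target = command_target(value)
        ext = ntpath.splitext(target)[1].lower()
        if ext in SUSPECT_EXTS:
            findings.append({
                "key": key,
                "target": target,
                "in_root": ntpath.basename(target).lower() in present,
            })
    return findings


# Constructed sample: junk lines and mixed case, as obfuscated files often have.
SAMPLE_AUTORUN = r"""
;kJhQwe junk comment line
[AutoRun]
xYz junk without equals
Open = qwmbkt.pif
shell\explore\Command= "tnlx.exe" -e
Shell\Open\Default=1
icon=%SystemRoot%\system32\shell32.dll,4
label=Removable Disk
"""
SAMPLE_ROOT = ["autorun.inf", "QWMBKT.PIF", "photos", "report.doc"]

if __name__ == "__main__":
    for finding in audit_drive_root(SAMPLE_AUTORUN, SAMPLE_ROOT):
        print(finding)
```

On a live system the two arguments would come from reading `X:\autorun.inf` and listing `X:\` for each drive; a finding with `in_root` set means the launcher and the file it points to are both present.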


#13 Franchise


Posted 14 June 2011 - 10:47 AM

Any update? I really want to use the Sality Removal Tool and see what it does.

#14 SweetTech


Posted 14 June 2011 - 11:08 AM

Hi!

Any update? I really want to use the Sality Removal Tool and see what it does.

Thanks for being patient with me! I had to wait to hear back from a colleague of mine in regards to this issue.

I would not advise using the Sality Removal tool. You may end up finding yourself with a computer that can't boot.

The news isn't good! You have an extremely nasty infection on your D:\ drive. As you can see from my previous post, it's a very serious infection, and the only way to get rid of it is by performing a complete reformat and re-install of the operating system including the recovery partition.

The problem with this is, I feel it may remove a key software component that might be necessary to perform the reformat and re-installation.

Do you happen to have your recovery disks and/or a stand alone installation DVD? If you do not, then you're going to have to contact HP and see what they can do for you.

Link: http://welcome.hp.com/country/us/en/contact_us.html

Link: http://h71028.www7.hp.com/hho/cache/456501-0-0-225-121.html


I'd explain the situation to HP, and you could even provide them with a link to the thread if they'd like to see it. I'd ask for a new HP installation package being sure it came with the HP Total Care Advisor software.

I'd then format the D drive (partition), then uninstall the Total Care Advisor and then re-install.

You have a file infector infection, so it will spread at some point, and when it does, it's going to attack hard and viciously.

Another issue I can see is the following:

Drive C: | 137.18 Gb Total Space | 2.65 Gb Free Space | 1.93% Space Free | Partition Type: NTFS


You have very little free space left on this machine, and your machine may cease to either boot up or work properly shortly.

If you do not reformat and re-install the operating system you can guarantee that this machine will become part of a zombie network as more and more files become compromised.

If you need further assistance with reformatting and re-installing your computer completely, I'd post in the Windows Vista forum, and seek the assistance from the techs there. I'd ask that you include a link to this thread, so they can see what we've done, and what we've discussed.

I wish there was better news, but there is no way around a reformat and re-install at this point, especially with the severity of the infection.

Kindest Regards,
SweetTech.



#15 Franchise


Posted 14 June 2011 - 03:43 PM

I know you didn't advise it, but I went with my gut feeling and ran the Sality Removal Tool. The tool cleaned the 2 files you were worried about in the D: partition. I then ran ESET Online Scanner with the option "remove detected threats" checked. The 2 files cleaned by the Sality tool didn't pop up as threats in this scan. I'm posting the ESET log below. The Sality Removal Log is too large to post in its entirety.


Sality Log

D:\0ca626e62b7657d0e81d038cfc\DW20.EXE; Cleaned
D:\boot\memtest.exe; Corrupt
D:\HP\RECOVERY\RestoreWiz.exe; Cleaned

---------------

ESET

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\D\Autorun.inf.vir INF/Autorun.gen trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\D\av3.zip INF/Autorun.gen trojan deleted - quarantined
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\990a542-3c2dd235 multiple threats deleted - quarantined
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\465c2a43-3c6e37f9 multiple threats deleted - quarantined
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\1ad04aa0-630cd766 multiple threats deleted - quarantined
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\778d5c2d-6e903eff Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\70c16ac6-2999710e Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\59af077c-73f33170 multiple threats deleted - quarantined



