
Trojan & Banker Infection


  • This topic is locked
10 replies to this topic

#1 blackswordsman

Posted 12 July 2011 - 02:17 PM

Hello,
I run weekly scans on my machine using Malwarebytes and Spybot Search and Destroy. I recently got a hit for a Trojan from Malwarebytes and Banker Infection from Spybot. I removed them with the tools, but I wanted to check to make sure that I got all of the problem. I am pasting in the Malwarebytes removal log and the dds.txt. I will attach the attach.txt and the ark.txt. One thing: when I ran the GMER scan, I could not check most of the boxes; they were greyed out. Services, Registry, and Files were active and checked; all of the ones above them were not checked and greyed out; Show All was also unchecked. I ran defogger and it did nothing. Thank you for taking the time to help me.

MalwareBytes Removal log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7088

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/12/2011 1:39:18 PM
mbam-log-2011-07-12 (13-39-18).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 433338
Time elapsed: 2 hour(s), 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\hewlett-packard\touchsmart\Media\System\_pypcmagentinfo.dll (Trojan.Agent) -> Quarantined and deleted successfully.

DDS.txt
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Sere at 13:28:50 on 2011-07-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6110.2317 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Sere\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Aim6]
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Sere\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 10.30.10.1
TCP: Interfaces\{96A37C72-30B4-465C-881B-6C74964964AE} : DhcpNameServer = 65.32.5.111 65.32.5.112 10.30.10.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes#t_0
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Sere\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sere\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-20 365904]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-6 1153368]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-23 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-23 116104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-9-9 24652]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-16 984392]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
S3 iscFlash;iscFlash;C:\Program Files (x86)\sp43867\iscflashx64.sys [2008-8-5 24568]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-6 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-12 15:31:00 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-12 15:30:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-12 15:30:07 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-07-09 20:29:45 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-07-09 20:28:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-06-29 08:51:19 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-06-29 08:51:18 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-06-24 04:44:26 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 04:44:25 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-15 21:47:00 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-15 21:47:00 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2011-06-16 13:38:54 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 06:28:00 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-05-28 06:24:04 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-05-28 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-05-28 06:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-05-28 06:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-05-28 06:08:58 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-05-28 05:33:37 479232 ----a-w- C:\Windows\System32\html.iec
2011-05-28 05:10:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-05-28 04:53:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-05-28 04:52:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 04:33:03 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-18 13:56:59 2762752 ----a-w- C:\Windows\System32\win32k.sys
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-29 13:41:02 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 13:40:56 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-29 13:39:34 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-29 13:39:34 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-29 13:39:31 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-29 02:19:35 249856 ------w- C:\Windows\Setup1.exe
2011-04-29 02:19:34 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-04-21 14:20:24 405504 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-15 01:28:12 117328 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-14 15:14:19 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys
.
============= FINISH: 13:30:08.54 ===============


#2 HelpBot

Posted 29 July 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409153 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 blackswordsman

  • Topic Starter
  • Members
  • 8 posts

Posted 31 July 2011 - 10:13 PM

I have not had anything show up on my Malwarebytes or Spybot scans recently, but I would still like someone to look at what I have posted here to see if I still have some remnants on my machine.

New DDS
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Sere at 15:18:37 on 2011-07-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6110.2965 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Sere\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Aim6]
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Sere\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 10.30.10.1
TCP: Interfaces\{96A37C72-30B4-465C-881B-6C74964964AE} : DhcpNameServer = 65.32.5.111 65.32.5.112 10.30.10.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes#t_0
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Sere\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sere\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-20 365904]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-6 1153368]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-23 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-23 116104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-9-9 24652]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
S2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-16 984392]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-10 135664]
S3 iscFlash;iscFlash;C:\Program Files (x86)\sp43867\iscflashx64.sys [2008-8-5 24568]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-6 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-12 21:47:41 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-07-12 21:47:36 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-07-12 21:47:36 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-12 15:31:00 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-12 15:30:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-12 15:30:07 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-07-09 20:29:45 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-07-09 20:28:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
.
==================== Find3M ====================
.
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-16 13:38:54 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-28 06:28:00 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-05-28 06:24:04 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-05-28 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-05-28 06:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-05-28 06:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-05-28 06:08:58 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-05-28 05:33:37 479232 ----a-w- C:\Windows\System32\html.iec
2011-05-28 05:10:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-05-28 04:53:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-05-28 04:52:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 04:33:03 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 15:19:34.05 ===============

Attached Files
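A triage pass over the DDS "Pseudo HJT Report" format posted above, as an added example that is not part of the original thread or of DDS itself: it lists entries worth a second look (registrations ending in `No File`, Run values with no command, autoruns launched from user-writable folders, Hosts mappings). The category names, the folder list and the function names are assumptions made for this sketch, and a flagged line is a prompt for review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Lines taken from the DDS log posted in this thread.
SAMPLE = r"""
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Aim6]
uRun: [Google Update] "C:\Users\Sere\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
Hosts: 127.0.0.1 www.spywareinfo.com
"""


class Finding(NamedTuple):
    line_no: int
    kind: str       # DDS prefix, e.g. "uRun", "BHO-X64", "Hosts"
    category: str   # label chosen for this example
    detail: str


# "prefix: value". Two or more characters before the colon, so a bare
# path such as C:\Windows\... is not mistaken for an entry.
ENTRY = re.compile(r"^([A-Za-z][\w-]+):(?:\s+(.*))?$")
RUN_KIND = re.compile(r"^[um]Run(Once)?(-x64)?$", re.I)
RUN_VALUE = re.compile(r"^\[([^\]]*)\]\s*(.*)$")
NO_FILE = re.compile(r"-\s*No File$")

# Assumption: folders a standard user can usually write to without elevation.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
# Addresses commonly used in a hosts file to block a name rather than redirect it.
BLOCK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a DDS log that deserve manual review."""
    findings: List[Finding] = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group(1), (m.group(2) or "").strip()

        # Registration whose target file is gone: a leftover of an
        # uninstalled program or of something a scanner already removed.
        if NO_FILE.search(rest):
            findings.append(Finding(no, kind, "orphan", rest))
            continue

        if RUN_KIND.match(kind):
            rv = RUN_VALUE.match(rest)
            if not rv:
                continue
            name, cmd = rv.group(1), rv.group(2).strip()
            if not cmd:
                # Value name present, command missing.
                findings.append(Finding(no, kind, "empty-autorun", name))
            else:
                exe = exe_path(cmd)
                if any(p in exe.lower() for p in USER_WRITABLE):
                    findings.append(
                        Finding(no, kind, "user-writable-autorun", exe))
        elif kind.lower() == "hosts":
            parts = rest.split()
            if len(parts) >= 2:
                # A non-blocking address means the name resolves somewhere
                # the user did not choose; a blocking address is usually
                # added by a protection tool.
                cat = ("hosts-block" if parts[0] in BLOCK_TARGETS
                       else "hosts-redirect")
                findings.append(
                    Finding(no, kind, cat, f"{parts[1]} -> {parts[0]}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.line_no:>3}  {f.category:<22} {f.kind:<16} {f.detail}")
```

On the lines from this log, the Google Update entry is flagged only because of where it runs from; confirming the file's signature and origin is the follow-up step.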



#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 04 August 2011 - 08:16 AM

Hello, blackswordsman.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1


Sorry for the delay...it's been crazy busy lately. GMER isn't compatible with 64-bit systems, that's why most of the options were grayed out. We'll run aswMBR instead. At first glance you are likely clean, but we'll also run an OTL log for a bit more detail for me to look through.

Also, are MBAM scans still clean?



Step 2

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Step 2

We need to create an OTL report.
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link.)
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 blackswordsman


Posted 04 August 2011 - 01:39 PM

1) The scans are still clear
2) This program blue screened my machine twice when pressing scan; I did not try for a third.
3) Logs are:

otl.txt

OTL logfile created on: 8/4/2011 1:28:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sere\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 3.92 Gb Available Physical Memory | 65.74% Memory free
12.05 Gb Paging File | 9.85 Gb Available in Paging File | 81.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.78 Gb Total Space | 286.15 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive E: | 3.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SERE-LAPTOP | User Name: Sere | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/04 13:26:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
PRC - [2011/06/24 00:44:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/04/23 02:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/23 01:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/23 01:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 21:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 21:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/04 13:26:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/07/16 16:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/21 23:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/03/09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/24 18:18:17 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/17 02:23:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/23 01:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/23 01:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:12 | 000,117,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:34 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:53:22 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/06 20:58:35 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/06 20:58:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/07/16 16:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 16:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 23:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/21 23:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/25 07:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/31 09:26:20 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/22 01:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/08/05 23:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/07/21 06:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/28 21:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/12/09 20:42:32 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2006/12/09 20:42:30 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/08/05 15:24:54 | 000,024,568 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\sp43867\iscflashx64.sys -- (iscFlash)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=mpes#t_0"
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Sere\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sere\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sere\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 04:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 07:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/01/27 21:59:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/12 23:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 00:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/16 09:42:38 | 000,000,000 | ---D | M]

[2011/01/26 20:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sere\AppData\Roaming\Mozilla\Extensions
[2011/07/31 23:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\extensions
[2011/01/28 23:32:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/10 00:40:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/30 19:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/27 04:23:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 19:38:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/12 07:58:42 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/06/12 23:44:50 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\SERE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WLP84DR0.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2011/06/24 00:44:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/31 14:40:09 | 000,436,245 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15017 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000..\Run: [HPAdvisor] File not found
O4 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 10.30.10.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{78cbd19c-8bf8-11e0-99cd-00235a3fdb86}\Shell - "" = AutoRun
O33 - MountPoints2\{78cbd19c-8bf8-11e0-99cd-00235a3fdb86}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{a5f3bec6-61c4-11de-a422-00235a3fdb86}\Shell - "" = AutoRun
O33 - MountPoints2\{a5f3bec6-61c4-11de-a422-00235a3fdb86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ce9aa40c-32f5-11e0-8509-00235a3fdb86}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 13:26:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
[2011/07/16 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Sere\Desktop\cfWorkshops
[2011/07/12 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\Sere\Desktop\Logs
[2011/07/12 13:41:14 | 000,000,000 | ---D | C] -- C:\Users\Sere\Desktop\gmer
[2011/07/12 13:26:47 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Sere\Desktop\dds.scr
[2011/07/12 11:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/07/12 11:31:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/12 11:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/12 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/12 11:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/07/10 16:27:25 | 000,000,000 | ---D | C] -- C:\Users\Sere\AppData\Roaming\Ventrilo
[2011/07/09 16:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/07/09 16:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo
[2011/07/09 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/04 13:27:32 | 000,172,742 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/08/04 13:26:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
[2011/08/04 13:22:02 | 000,826,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/04 13:22:02 | 000,690,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/04 13:22:02 | 000,137,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/04 13:19:37 | 000,172,742 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/08/04 13:19:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/04 13:15:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 13:15:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/04 13:15:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/04 13:13:53 | 2112,835,583 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 13:13:45 | 933,716,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/04 13:02:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 12:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1665857451-3264436239-903903683-1000UA.job
[2011/08/04 07:12:04 | 126,853,854 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/03 20:55:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1665857451-3264436239-903903683-1000Core.job
[2011/07/31 15:03:43 | 000,000,932 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/31 14:40:09 | 000,436,245 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/26 08:58:51 | 000,002,593 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/07/17 11:08:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/16 14:20:59 | 000,000,732 | ---- | M] () -- C:\Users\Sere\AppData\Local\d3d9caps64.dat
[2011/07/16 14:12:32 | 101,193,927 | ---- | M] () -- C:\Users\Sere\Desktop\cfWorkshops.zip
[2011/07/13 03:21:26 | 002,463,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 16:17:52 | 000,435,677 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110731-144009.backup
[2011/07/12 13:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Sere\defogger_reenable
[2011/07/12 13:26:48 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Sere\Desktop\dds.scr
[2011/07/12 13:26:26 | 000,050,477 | ---- | M] () -- C:\Users\Sere\Desktop\Defogger.exe
[2011/07/12 12:29:55 | 000,000,872 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2011/07/09 16:29:59 | 000,000,742 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Ventrilo.lnk
[2011/07/09 16:29:48 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/09 16:07:23 | 000,002,635 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/04 13:13:45 | 933,716,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/16 14:11:01 | 101,193,927 | ---- | C] () -- C:\Users\Sere\Desktop\cfWorkshops.zip
[2011/07/12 13:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Sere\defogger_reenable
[2011/07/12 13:26:17 | 000,050,477 | ---- | C] () -- C:\Users\Sere\Desktop\Defogger.exe
[2011/07/12 12:29:55 | 000,000,872 | ---- | C] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2011/07/12 11:31:00 | 000,000,932 | ---- | C] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/09 16:29:59 | 000,000,742 | ---- | C] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Ventrilo.lnk
[2011/07/09 16:29:42 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/28 22:29:14 | 000,000,695 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Preferences.rbbook
[2011/04/28 22:29:14 | 000,000,140 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Ingredients.rbbook
[2011/04/28 22:29:14 | 000,000,039 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Measurements.rbbook
[2011/04/28 22:29:14 | 000,000,036 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Preparations.rbbook
[2011/04/28 22:29:14 | 000,000,030 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Menus.rbbook
[2010/12/01 01:28:27 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/10/17 20:20:31 | 000,000,239 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\prefsdb.dat
[2010/08/22 23:32:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/04/30 21:12:18 | 000,017,920 | ---- | C] () -- C:\Users\Sere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/13 09:31:41 | 000,004,601 | ---- | C] () -- C:\Windows\xnview.ini
[2009/09/03 12:22:55 | 000,000,732 | ---- | C] () -- C:\Users\Sere\AppData\Local\d3d9caps64.dat
[2009/07/06 10:25:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/06 10:25:11 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/06 10:24:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/08 00:59:39 | 000,000,680 | ---- | C] () -- C:\Users\Sere\AppData\Local\d3d9caps.dat
[2009/05/30 22:17:20 | 000,172,742 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/30 12:18:26 | 000,172,742 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/17 02:11:09 | 000,814,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/10/20 02:23:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/20 01:53:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/27 12:47:33 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2008/02/27 12:47:33 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/02/04 23:53:45 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\1morebee
[2010/06/27 00:04:13 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2009/09/20 00:43:54 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Abra Academy2
[2009/09/09 21:22:01 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\acccore
[2010/10/24 20:28:01 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Aerohills
[2011/05/15 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Alawar
[2010/08/25 10:58:12 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\AlderGames
[2011/04/03 22:39:21 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\aliasworlds
[2010/11/28 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Anarchy
[2010/10/02 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Artifex Mundi
[2009/11/28 23:27:34 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Artogon
[2010/10/14 08:30:35 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\AVG10
[2011/05/24 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Awem
[2010/11/27 21:43:17 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\AzuazGames
[2010/12/06 00:38:53 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Barnes & Noble
[2010/06/29 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Be a King 2
[2010/11/28 00:04:42 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Bear's dream
[2011/05/30 09:18:53 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Big Finish
[2010/10/01 19:36:55 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Big Fish Games
[2011/04/10 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\BlamGames
[2009/11/29 11:34:22 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\blg
[2010/12/24 18:10:43 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Boolat Games
[2010/12/12 19:16:35 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Boomzap
[2010/04/28 22:48:49 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\calibre
[2011/05/15 23:00:56 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Casual Mechanics
[2011/01/30 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\CasualForge
[2009/12/07 00:27:38 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\ChaYoWo Games
[2010/10/19 12:18:45 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Column of the Maya
[2010/08/02 03:47:15 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/06 11:25:19 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/11/01 01:38:02 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\DayTerium
[2011/01/02 01:22:08 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Dekovir
[2010/07/18 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\DigirononGames
[2011/03/06 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\DivoGames
[2010/05/02 15:27:04 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\DocumentsToGoDesktop
[2009/12/01 05:46:21 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\EleFun Games
[2010/10/14 22:14:42 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Elephant Games
[2011/03/26 07:43:36 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Enki Games
[2009/09/10 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Enlightenus
[2010/08/25 21:58:33 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Enlightenus2SE_BFG
[2010/05/28 21:29:06 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\ERS G-Studio
[2011/04/02 20:05:00 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\ERS Game Studios
[2011/03/15 02:51:25 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\EscapeFromParadise2
[2009/11/27 01:14:12 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\EscapeTheMuseum2
[2010/10/09 03:27:04 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Fabulous Finds
[2010/12/29 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Farm Mania 2
[2011/03/06 23:02:39 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Flood Light Games
[2010/09/25 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Floodlight Games
[2011/04/02 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\FloodLightGames
[2010/10/05 06:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\FlyWheelGames
[2010/09/19 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Freeze Tag
[2010/04/30 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\freshgames
[2011/03/12 00:25:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\FriendsGamesNetwork
[2010/11/15 23:39:03 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Frogwares
[2009/09/23 11:55:26 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\funkitron
[2011/02/21 20:26:28 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\G-HeadGames
[2011/04/30 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\game
[2010/09/26 20:26:43 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Game Mill Entertainment
[2011/02/20 23:33:41 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\GameInvest
[2010/07/18 01:22:35 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\GameMill Entertainment
[2010/09/23 17:42:02 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Gamers Digital
[2009/09/20 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Games
[2010/05/28 22:29:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\GamesCafe
[2011/04/02 00:55:44 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\GestaltGames
[2010/09/05 17:03:55 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Ghost Ship Studios
[2010/11/16 23:54:14 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Gogii
[2010/02/05 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Green Clover Games
[2011/01/02 01:11:41 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\GTM_Bodie
[2011/05/26 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\HdO Adventure
[2011/01/29 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\HillStoneAnimationStudios
[2009/09/23 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\HiT-MM
[2010/12/25 01:10:55 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\HitPoint Studios
[2011/03/06 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Hotdog Hotshot
[2011/05/12 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\IBAGroup
[2011/05/29 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\iMaxGen
[2010/08/29 00:23:49 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Immortal Lovers
[2010/10/10 23:48:46 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Island
[2010/12/29 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\iWin
[2010/10/19 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Jetdogs Studios
[2010/08/22 23:54:17 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\JoyBits
[2010/12/29 12:08:36 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Jumb-O-Fun Games
[2010/09/27 00:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\KingArthur
[2010/07/10 19:09:21 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\KranX Productions
[2010/04/06 03:29:51 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Ladia Group
[2010/12/26 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\LegacyInteractive
[2011/04/09 01:39:47 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\LittleGamesCompany
[2010/12/01 01:40:15 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Lonely Troops
[2009/09/12 16:55:07 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\MA
[2010/11/07 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\MA2
[2010/05/23 00:56:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Magic3
[2010/05/22 00:10:13 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\MagicIndie
[2010/11/07 17:02:22 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\MAI
[2011/05/12 10:09:32 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Manifesto Games
[2010/06/28 23:07:43 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Mariaglorum
[2009/12/06 02:53:10 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\MastersOfMystery2
[2010/12/09 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\MasterThief
[2011/05/24 22:39:55 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Maximize Games
[2011/04/30 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Meridian93
[2010/11/24 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Merscom
[2009/11/16 09:38:06 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Mobipocket
[2010/07/10 07:57:40 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Mutant Arcade
[2011/05/26 20:17:53 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\My Games
[2011/04/10 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Mystery of Mortlake Mansion
[2009/11/27 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\MysteryStudio
[2011/04/08 20:59:19 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Namco
[2010/11/29 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\NatGeoGames
[2011/06/02 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\NevoSoft
[2010/06/09 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\NevoSoft Games
[2010/11/22 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Odian Games
[2010/08/24 00:40:23 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Orneon
[2009/12/10 21:19:54 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\OtherSide Realm of Eons
[2009/07/24 11:49:16 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\PDM
[2010/08/25 21:54:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\PeaceCraft2
[2010/10/17 20:20:51 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\perfect future studio
[2010/12/31 11:56:24 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\PetShowCraze
[2011/05/26 20:17:35 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Ph03nixNewMedia
[2011/05/30 20:35:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\PlayFirst
[2011/03/22 21:15:54 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\PlayPond
[2010/12/01 21:15:28 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Playrix Entertainment
[2010/12/01 01:28:39 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Playtinum
[2009/09/12 19:20:12 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\PoBros
[2009/09/07 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Princess Isabella
[2010/04/05 22:23:44 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Roaming
[2010/11/16 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Robin Hood
[2010/02/23 22:39:43 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\runic games
[2011/03/18 20:01:57 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\RunningPillow
[2010/10/21 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Sahmon Games
[2009/09/12 22:56:38 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Sanna
[2010/10/10 21:24:32 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Scholastic
[2010/11/18 09:02:30 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\ScreenSeven
[2010/12/28 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Settlement. Colossus
[2010/07/08 23:58:07 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\SevenSails
[2010/08/25 08:54:56 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\ShaoLin
[2009/09/25 12:22:08 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\she_is_a_shadow
[2011/03/06 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\ShinyTales
[2010/07/17 22:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Silverback Productions
[2010/06/26 22:01:47 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Skunk Studios
[2011/01/30 00:26:18 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Sleepwalker Games
[2010/08/29 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Specialbit
[2010/11/22 13:29:24 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\SulusGames
[2010/06/26 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\TeleportGamesLtd
[2010/09/13 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Ten Heavens
[2010/12/29 02:00:42 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\TheFixerUpper
[2010/11/06 23:44:43 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\ThreeDays2
[2010/12/12 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\TikGames
[2011/03/25 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\TikisLab
[2010/05/23 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Top Evidence
[2009/09/17 11:01:35 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\V-Games
[2009/10/09 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\VampireSaga
[2011/02/26 00:12:43 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Vast Studios
[2010/05/23 23:23:18 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\VendelGAMES
[2011/01/30 00:35:26 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Virtual City
[2011/02/28 00:48:17 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Virtual Prophecy
[2010/07/17 21:26:51 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Vogat Interactive
[2011/04/28 21:59:01 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\WenSoftware
[2010/09/14 22:06:19 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Whisper of a Rose Saves
[2011/04/02 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\World-LooM
[2011/05/26 21:18:46 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\YoudaGames
[2010/10/06 21:11:34 | 000,000,000 | ---D | M] -- C:\Users\Sere\AppData\Roaming\Zuzu
[2011/07/17 11:08:31 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2004/10/05 13:36:18 | 005,020,616 | ---- | M] () -- C:\CookBook.CAB
[2010/03/03 16:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
[2011/08/04 13:13:53 | 2112,835,583 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/09 21:21:41 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/08/04 13:13:46 | 2426,425,343 | -HS- | M] () -- C:\pagefile.sys
[2004/10/05 12:41:34 | 000,003,332 | ---- | M] () -- C:\readme.txt
[2000/07/15 00:00:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\setup.exe
[2004/10/05 13:36:18 | 000,006,010 | ---- | M] () -- C:\SETUP.LST
[2011/07/12 15:55:26 | 000,062,956 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_12.07.2011_15.54.46_log.txt
[2001/06/18 18:49:22 | 000,006,616 | ---- | M] () -- C:\UserLic.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/10/20 02:36:07 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2008/10/20 02:36:07 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USER32.DLL >
[2008/01/20 22:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/20 22:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/11 03:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009/04/11 03:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

< MD5 for: WS2_32.DLL >
[2008/01/20 22:49:45 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_4ed64c4686b376fa\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_f4a329cecb77d110\ws2_32.dll
[2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\SysNative\ws2_32.dll
[2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_50c1c55283d54246\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4BBB987B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:27652001
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:25BB767E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E91ADC66
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:82529191
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:3B812EE0
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:ED9B661E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:F36BFA23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:0DAD93FF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:AC0528D9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:40D8F125
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:1CB96B16
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:008586AE
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:B845F669
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:AC73CDCE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:AABCC5A7
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:B1381B34
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:4F8B72C9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:BD9F7E4E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:95198126

< End of report >

Extras
OTL Extras logfile created on: 8/4/2011 1:28:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sere\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 3.92 Gb Available Physical Memory | 65.74% Memory free
12.05 Gb Paging File | 9.85 Gb Available in Paging File | 81.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.78 Gb Total Space | 286.15 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive E: | 3.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SERE-LAPTOP | User Name: Sere | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = D0 2E CC 0F A9 FE C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031793AC-9BB0-4A19-8381-C6B1E4912883}" = lport=139 | protocol=6 | dir=in | app=system |
"{045E1219-45E8-4FB9-AA82-882A1361310A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0470F2B9-88CB-4F94-898A-B5B612CCA8E9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{198358E4-F890-4B5C-AD5F-B9F4751FD932}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22BA322A-3B18-416B-A9B8-66BCEBE67A95}" = rport=445 | protocol=6 | dir=out | app=system |
"{38687B2B-BCB2-4850-B37E-602AF87B67F8}" = rport=138 | protocol=17 | dir=out | app=system |
"{404E55AC-8E14-45CD-A114-FD8EE50FFC34}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4383D0BA-07EC-403C-A851-5074524983E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46B9A29E-DF64-4B9B-9BA2-ED9D1000EE59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47835B0C-08AE-4B56-9322-00098DEFDF9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CD3ED51-B1BC-4703-859D-3E1355C2615B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6957C188-E744-43CE-8DD2-0A823CC4A66B}" = lport=137 | protocol=17 | dir=in | app=system |
"{7360D114-7626-4E50-AA67-6F6BE614464D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74DD4E31-DB6A-4450-BBB9-6904F7794233}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{79348861-F8CF-42A1-A00C-F3EE4BC936DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7CF8A5F6-C2B2-4E5A-8851-B83395DB215E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92E173F5-B19F-49EA-AE3A-EECFD2F356B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97E7F829-47C4-4396-B533-CD0BE3C8C4EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{9EF95A20-0C8D-4A0C-9A96-E8011A84BBA3}" = lport=445 | protocol=6 | dir=in | app=system |
"{C857A8B5-B54D-42D5-BC89-742515C99AE6}" = lport=138 | protocol=17 | dir=in | app=system |
"{CDB5EA7A-10D1-4F69-9B63-2275F55178F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA2EF41A-9A64-41E6-9DCB-76E2CAAFDBE2}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D35D91-1CDE-4576-AC4D-1B259FEC241C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{018250EA-2702-491B-BCC2-7824EA43C1AD}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{0C9ED307-F518-4FFC-9C1B-98F97FE4B731}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{0EB782AF-19E0-4372-8CE2-B48166F287D5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{13022241-B429-4187-A2CE-F3A2BD1B069A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13687967-CEFE-4F6D-9273-403AA1DA6A48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15341BAC-1049-40D6-A369-7074B2B67F9A}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{16ABE7D6-87F7-479B-B7D0-361083BB458D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{1BB1808B-D60C-46DB-82C8-813792883BA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{1FA60E8B-7606-457B-8D8D-FF71516646BD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{21913D53-73C6-421F-A741-24626395FE54}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{21BBF8BF-134A-4F52-B794-819CD8BD5F5F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{21E1D710-93AA-4302-887E-47D8407A2EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{24690CC1-7944-4A98-B4A9-97CA3B28639A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{277CCCE6-A345-43C7-82FA-BB1B4A600CDC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{28832851-69B4-4862-B5E8-6C73DDD621C5}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{2EEEA6B3-E8FE-461E-8751-D71BD9720753}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{304C2BE3-D5CC-48FE-A67C-2198564D633C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3174808E-DACA-472D-8211-A89C333BEEC5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3865FC32-D37D-4FEC-B183-817972168258}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{389DA744-04E6-45E8-AB97-D85DEB02CD08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3F2D19EB-0860-4386-8AD2-5629CF234E20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40065918-904E-46BA-8B6A-EC11EE85E031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40D62993-8AB9-4505-B5BF-BD57CF9A2EBB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{47B0CD90-B96D-471A-8D87-181C2C4ED8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{4B5C1563-1521-446F-BE36-7589FC3D31AC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4FD9574F-109E-4A71-A0C3-D57F6A87F55D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54603EF6-0646-4462-A6C2-872D8DE73E08}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{56D2FB73-F84D-4450-BA8A-5FA7761922EF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5E4F3954-6E78-40D1-BA4A-642C78E47286}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{5F75A2B9-BC2C-4FB4-A9F1-4BA22387E405}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{61353423-065A-4EA6-848E-CD35789FF310}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{63E09806-2436-4776-8CA8-1C90B3A4F323}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{64F72B4D-745B-48CB-9EDD-93B4E37513B5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{6B002A4C-540A-4833-8F5E-476E77D0A1C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6CE0B45A-1807-4844-9073-1A80259123DD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{7359A81C-D60B-4A0F-B5C4-28B0F8F374EE}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{743DFCB3-29B3-4E12-9914-F96FF1EBA0B6}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{7466AC57-A72C-425F-8BE5-0E9160B2E455}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{768CD614-C711-4342-A12C-32FB335CD33F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{76D24DEB-418B-4765-815F-F060D8C76A53}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{789F2246-00C5-488D-8932-549EF635E2E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8B4C9B02-B110-4464-B88A-B4613F65DD83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C3DFF2D-576C-49D5-98D5-C11D9A3D91FB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{8E2750B8-2A65-4A66-90FC-FD973DB8614D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hazen the dark whispers\bin\hazen.exe |
"{8FFB14CD-862C-476D-944D-341607525BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{919E6BC8-6525-4038-9E28-2C5A73D8AA05}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{95530985-85BB-4BE2-8DB1-2ED5A7641EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{9582F4F1-E881-401B-A37B-1FC3C88A0535}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{9725DA96-3DCD-47FA-B498-1A4F376250E1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{972C8DC4-A170-48DF-9651-35B9CEDCB7AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99C97763-EA61-41D6-91F9-DA8CD0B26389}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{9C5CD35A-3800-4FED-9968-6C25F36FA086}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CCA97CB-04A6-44F5-9835-03203A951848}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{A1E4BFEB-518D-42E9-93EA-3D5610274284}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ABB38800-82AE-4C3E-A481-A22DD359A5D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hazen the dark whispers\bin\hazen.exe |
"{B204225B-2649-41F6-8D05-4C3C1C44187D}" = protocol=6 | dir=out | app=system |
"{B3320A2B-B4C9-49F4-9169-D96FBAD48C83}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{B49D5FAD-9015-4A27-9EA7-0882E6171567}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{BE345DA5-9184-4CD2-898F-82D3A56C3CFE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{BEBF8FC6-1E5B-47FC-8ED7-E560B5B38FC2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{C1AF434A-B7D3-404E-B596-1B91A2FB4689}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2152D18-847B-4167-8803-FCFD25D8084C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C907A31D-9A91-4184-B907-4BD1CC8B798F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CA1503BC-C42B-4B1F-85F1-E2BB23E7C7F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD79D148-89F0-4247-8B1D-8C159533D30C}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{CDFCEA6C-7563-49BE-A200-6F4DD447DAE5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{CF3FE2A3-32A4-4898-A82F-1FAA4CEAC6DA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{D00FD760-45DD-4C38-89DD-B33DC104789D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{D34D110C-1713-45B9-94C6-204E8B604794}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{D4DD6933-3E6C-428F-B32A-C1540454DB3B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D820A8DA-5736-4C8C-831B-3CC7768A73BF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{DEE7FDC7-5AFE-4404-9E9E-6701BD4D71EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{E4CE5FEE-FB0B-4FE2-986A-218047428224}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{E6B49947-D9D4-4690-AE66-515DF6F3AB80}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{EAD77BC8-8288-4494-9444-AC6158774400}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EEF49B44-38EC-4CF1-B142-778FA6EE1DCE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{EF0972BE-7A7A-44B0-A964-DC5F9B7B30E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F89B7B1D-F77C-44D2-822E-94FA2CF73A26}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{F8B4EC6D-8DED-48D4-85B7-27C80E7A18B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF53B0D1-8B36-45B6-8688-B531D5509F0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{38F6D4C6-A80E-41E3-86D5-CF84C2B6D97D}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{3D5AF4A5-07E4-43A4-849E-4E1E19B93FBE}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{6BF6E6EF-504A-4442-A385-EB32D105CA73}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{865EBD5F-11C3-4914-B21C-9380D5A0AA53}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{B4A1810A-2DBD-4EB3-AE84-B9573318C1C0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C34D474C-5FF9-4C6C-8311-7A958C6AFEEF}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{0820FBD6-4B54-467F-8C99-A8E6D1D61786}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{3B668387-92DC-4298-A851-A5EE6273C2D0}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{9B1FA6AA-4582-4C32-A1F6-45B46A6F37F8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{CB730BF7-16ED-4E08-9EAE-642FBA43975A}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{E83EAA8E-E317-4874-B580-0C228D158CCD}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{FACA476B-A1DD-463A-A67D-DD42E1493F18}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F991EC04-D713-466B-A70B-78D460AC85D8}" = AVG 2011
"{FA109F0F-122E-4D48-9DBF-14DC02EE85E4}" = AVG 2011
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2011
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 26
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{453C9E55-80DF-4BD2-9885-52A1FB0D9382}" = eReader
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E321D364-2EA9-4906-BBAC-AD0246F9D3E7}" = Food Network Recipe Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"AIM_6" = AIM 6
"BFGC" = Big Fish Games: Game Manager
"BN_DesktopReader" = NOOK for PC
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Derrick" = Derrick (remove only)
"Design Manager" = Design Manager
"Detective Agency: The Banker's Wife" = Detective Agency: The Banker's Wife (remove only)
"Digital Editions" = Adobe Digital Editions
"DTGDesktop" = Documents To Go Desktop for iPhone
"Epic Adventures: Cursed On board" = Epic Adventures: Cursed On board (remove only)
"Escape from Thunder Island" = Escape from Thunder Island (remove only)
"Farmer's Market" = Farmer's Market (remove only)
"Farmscapes: Collector's Edition" = Farmscapes: Collector's Edition (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"iWinArcade" = iWin Games (remove only)
"Little Shop: Road Trip" = Little Shop: Road Trip (remove only)
"Magic Farm: Ultimate Flower" = Magic Farm: Ultimate Flower (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mystery of Mortlake Mansion" = Mystery of Mortlake Mansion (remove only)
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"Roads of Rome 2" = Roads of Rome 2 (remove only)
"Runic Games Torchlight" = Torchlight
"Samsung CLX-3160 Series" = Samsung CLX-3160 Series
"Stanza" = Stanza
"Star Crossed Love" = Star Crossed Love (remove only)
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 46730" = Hazen: The Dark Whispers
"Stroke of Midnight" = Stroke of Midnight (remove only)
"Supermarket Management 2" = Supermarket Management 2 (remove only)
"Turtix" = Turtix (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Women's Murder Club: Triple Crime Pack" = Women's Murder Club: Triple Crime Pack (remove only)
"World of Warcraft" = World of Warcraft
"WriteWay1.8" = WriteWay
"Youda Survivor 2" = Youda Survivor 2 (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 04 August 2011 - 05:57 PM

Hello, blackswordsman.



Viewpoint (foistware) Warning

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.




Overall, the logs look good. Let's clean up some orphaned entries, remove an old version of Java that is a security risk, and run an online virus scan.



Step 1

Next, we need to remove old Java versions.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 7
  • Reboot your computer once all Java components are removed.




Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - Reg Error: Key error. File not found
    O4 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000..\Run: [Aim6] File not found
    O4 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000..\Run: [HPAdvisor] File not found
    O4 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000..\Run: [WMPNSCFG] File not found
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
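
The entries selected for the fix script in the post above all end in "File not found". As an added example (not part of the original thread and not OTL's own code), this Python script picks such orphaned entries out of OTL-style lines and expands the shorthand into a full registry key and value name. The sample lines, SID, CLSID and function names are constructed, and the key path used for HKLM entries is an assumption.

```python
import re

# Constructed sample lines in the shape of OTL "IE" and "O4" entries.
# The SID, the all-zero CLSID and the live avgtray line are made up.
SAMPLE = r"""
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\..\URLSearchHook: {00000000-0000-0000-0000-000000000000} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avgtray] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [HPAdvisor] File not found
""".strip().splitlines()

HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
}

# Hive abbreviation, optionally followed by "\<SID>" for per-user hives.
HIVE = r"(?P<hive>HKLM|HKCU|HKU)(?:\\(?P<sid>S-[\d-]+))?"

# "O4 - <hive>..\Run: [<value name>] <target>"
RUN_RE = re.compile(
    r"^O4 - " + HIVE + r"\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<target>.+)$"
)
# "IE - <hive>\..\URLSearchHook: {<clsid>} - <target>"
HOOK_RE = re.compile(
    r"^IE - " + HIVE + r"\\\.\.\\URLSearchHook: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)

MISSING = "File not found"


def _root(match):
    """Full hive name, plus the SID sub-key when the line names one."""
    root = HIVES[match["hive"]]
    return root + "\\" + match["sid"] if match["sid"] else root


def parse_line(line):
    """Return a dict for a recognised Run or URLSearchHook line, else None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        # Assumption: the native key path is used for every hive. On 64-bit
        # Windows a 32-bit HKLM entry may live under Wow6432Node instead.
        key = _root(m) + "\\Software\\Microsoft\\Windows\\CurrentVersion\\" + m["key"]
        value = m["name"]
    else:
        m = HOOK_RE.match(line)
        if not m:
            return None
        key = _root(m) + "\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks"
        value = m["clsid"]
    target = m["target"].strip()
    return {
        "key": key,
        "value": value,
        "target": target,
        # Orphaned: the entry exists but the file it points at was not found.
        "orphan": target.endswith(MISSING),
    }


def orphaned_entries(lines):
    """List (registry key, value name) pairs for entries whose target is missing."""
    found = []
    for line in lines:
        entry = parse_line(line)
        if entry and entry["orphan"]:
            found.append((entry["key"], entry["value"]))
    return found


if __name__ == "__main__":
    for key, value in orphaned_entries(SAMPLE):
        print(f"orphaned: {key} -> {value}")
```

A hit only means the scanner could not find the target file; confirm each entry before putting it in a fix script.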
 


#7 blackswordsman

blackswordsman
  • Topic Starter

  • Members
  • 8 posts

Posted 05 August 2011 - 02:54 PM

Step One) I removed the Viewpoint and the Java and rebooted

Step Two) Fix Log:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\ not found.
Registry value HKEY_USERS\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 not found.
Registry value HKEY_USERS\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisor not found.
Registry value HKEY_USERS\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sere
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36659919 bytes
->Java cache emptied: 39348753 bytes
->FireFox cache emptied: 50530380 bytes
->Google Chrome cache emptied: 6233597 bytes
->Flash cache emptied: 210885 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24285661 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 150.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08052011_130334

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\etilqs_6swcdfgEUEkOFyGLx4mg not found!
File\Folder C:\Windows\temp\etilqs_aPY1lCipBO192OCcFvFk not found!
File\Folder C:\Windows\temp\etilqs_fwigeMiZUhK1uW8VdujI not found!
File\Folder C:\Windows\temp\etilqs_T8RvUEZk4s8eOXMzrPzD not found!

Registry entries deleted on Reboot...

Scan Log:
OTL logfile created on: 8/5/2011 1:15:36 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sere\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 67.56% Memory free
12.05 Gb Paging File | 9.98 Gb Available in Paging File | 82.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.78 Gb Total Space | 300.21 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
Drive E: | 3.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SERE-LAPTOP | User Name: Sere | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/04 13:26:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/04/23 02:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/23 01:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/23 01:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 21:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 21:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/04 13:26:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/07/16 16:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/21 23:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/03/09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/24 18:18:17 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/17 02:23:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/23 01:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/23 01:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 12:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:12 | 000,117,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:34 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:53:22 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/06 20:58:35 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/06 20:58:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/07/16 16:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 16:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 23:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/21 23:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/25 07:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/31 09:26:20 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/22 01:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/08/05 23:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/07/21 06:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/28 21:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/12/09 20:42:32 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2006/12/09 20:42:30 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/08/05 15:24:54 | 000,024,568 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\sp43867\iscflashx64.sys -- (iscFlash)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=mpes#t_0"
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Sere\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sere\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sere\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 04:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/05 07:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/01/27 21:59:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/06/12 23:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 00:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/16 09:42:38 | 000,000,000 | ---D | M]

[2011/01/26 20:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sere\AppData\Roaming\Mozilla\Extensions
[2011/07/31 23:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\extensions
[2011/01/28 23:32:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/10 00:40:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Sere\AppData\Roaming\Mozilla\Firefox\Profiles\wlp84dr0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/30 19:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/27 04:23:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 19:38:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/05 07:03:01 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/06/12 23:44:50 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\SERE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WLP84DR0.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2011/06/24 00:44:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/04 14:07:46 | 000,436,305 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1665857451-3264436239-903903683-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 10.30.10.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{78cbd19c-8bf8-11e0-99cd-00235a3fdb86}\Shell - "" = AutoRun
O33 - MountPoints2\{78cbd19c-8bf8-11e0-99cd-00235a3fdb86}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{a5f3bec6-61c4-11de-a422-00235a3fdb86}\Shell - "" = AutoRun
O33 - MountPoints2\{a5f3bec6-61c4-11de-a422-00235a3fdb86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ce9aa40c-32f5-11e0-8509-00235a3fdb86}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 11:07:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/05 07:02:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/04 13:26:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
[2011/08/02 15:09:22 | 082,398,576 | ---- | C] (Apple Inc.) -- C:\Users\Sere\Desktop\iTunes64Setup.exe
[2011/07/16 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Sere\Desktop\cfWorkshops
[2011/07/12 17:47:44 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 17:47:36 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/12 17:47:36 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/07/12 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\Sere\Desktop\Logs
[2011/07/12 13:41:14 | 000,000,000 | ---D | C] -- C:\Users\Sere\Desktop\gmer
[2011/07/12 13:26:47 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Sere\Desktop\dds.scr
[2011/07/12 11:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/07/12 11:31:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/12 11:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/12 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/12 11:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/07/10 16:27:25 | 000,000,000 | ---D | C] -- C:\Users\Sere\AppData\Roaming\Ventrilo
[2011/07/09 16:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/07/09 16:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo
[2011/07/09 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

========== Files - Modified Within 30 Days ==========

[2011/08/05 13:11:44 | 000,826,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/05 13:11:44 | 000,690,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/05 13:11:44 | 000,137,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/05 13:06:45 | 000,172,718 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/08/05 13:06:01 | 000,172,718 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/08/05 13:06:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 13:05:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 13:05:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 13:05:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/05 13:05:33 | 2112,835,583 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/05 13:04:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/05 13:02:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/05 12:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1665857451-3264436239-903903683-1000UA.job
[2011/08/05 06:03:17 | 126,978,706 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/04 20:54:59 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1665857451-3264436239-903903683-1000Core.job
[2011/08/04 14:07:46 | 000,436,305 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/04 13:26:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sere\Desktop\OTL.exe
[2011/08/04 13:13:45 | 933,716,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/02 15:10:27 | 082,398,576 | ---- | M] (Apple Inc.) -- C:\Users\Sere\Desktop\iTunes64Setup.exe
[2011/07/31 15:03:43 | 000,000,932 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/31 14:40:09 | 000,436,245 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110804-140746.backup
[2011/07/26 08:58:51 | 000,002,593 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/07/16 14:20:59 | 000,000,732 | ---- | M] () -- C:\Users\Sere\AppData\Local\d3d9caps64.dat
[2011/07/16 14:12:32 | 101,193,927 | ---- | M] () -- C:\Users\Sere\Desktop\cfWorkshops.zip
[2011/07/13 03:21:26 | 002,463,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 16:17:52 | 000,435,677 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110731-144009.backup
[2011/07/12 13:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Sere\defogger_reenable
[2011/07/12 13:26:48 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Sere\Desktop\dds.scr
[2011/07/12 13:26:26 | 000,050,477 | ---- | M] () -- C:\Users\Sere\Desktop\Defogger.exe
[2011/07/12 12:29:55 | 000,000,872 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2011/07/09 16:29:59 | 000,000,742 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Ventrilo.lnk
[2011/07/09 16:29:48 | 000,000,268 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/09 16:07:23 | 000,002,635 | ---- | M] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/04 13:13:45 | 933,716,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/16 14:11:01 | 101,193,927 | ---- | C] () -- C:\Users\Sere\Desktop\cfWorkshops.zip
[2011/07/12 13:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Sere\defogger_reenable
[2011/07/12 13:26:17 | 000,050,477 | ---- | C] () -- C:\Users\Sere\Desktop\Defogger.exe
[2011/07/12 12:29:55 | 000,000,872 | ---- | C] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2011/07/12 11:31:00 | 000,000,932 | ---- | C] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/09 16:29:59 | 000,000,742 | ---- | C] () -- C:\Users\Sere\Application Data\Microsoft\Internet Explorer\Quick Launch\Ventrilo.lnk
[2011/07/09 16:29:42 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/28 22:29:14 | 000,000,695 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Preferences.rbbook
[2011/04/28 22:29:14 | 000,000,140 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Ingredients.rbbook
[2011/04/28 22:29:14 | 000,000,039 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Measurements.rbbook
[2011/04/28 22:29:14 | 000,000,036 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Preparations.rbbook
[2011/04/28 22:29:14 | 000,000,030 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\Recipe Box Menus.rbbook
[2010/12/01 01:28:27 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2010/10/17 20:20:31 | 000,000,239 | ---- | C] () -- C:\Users\Sere\AppData\Roaming\prefsdb.dat
[2010/08/22 23:32:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/04/30 21:12:18 | 000,017,920 | ---- | C] () -- C:\Users\Sere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/13 09:31:41 | 000,004,601 | ---- | C] () -- C:\Windows\xnview.ini
[2009/09/03 12:22:55 | 000,000,732 | ---- | C] () -- C:\Users\Sere\AppData\Local\d3d9caps64.dat
[2009/07/06 10:25:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/06 10:25:11 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/06 10:24:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/08 00:59:39 | 000,000,680 | ---- | C] () -- C:\Users\Sere\AppData\Local\d3d9caps.dat
[2009/05/30 22:17:20 | 000,172,718 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/30 12:18:26 | 000,172,718 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/17 02:11:09 | 000,814,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/10/20 02:23:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/20 01:53:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/27 12:47:33 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2008/02/27 12:47:33 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:047BD65A
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:D06137DE
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:A35E90A1
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:931BB48A
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:18E75326
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:0194DAD3
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:E4E902F0
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:D3306355
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:A93A1878
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:A5911AD8
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:9A1A77DD
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:82A3B721
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:4D3521E6
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:3DCE5578
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:3C719ABF
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:FB7959F6
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:E93D34B5
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:B9BA72C4
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:439A20A3
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:3BE982EA
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:3BB3AE6B
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:2498D8A2
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:C5CE2DF6
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:A698041D
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:9F6E8CED
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:756A3FF0
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:7198E1D2
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:447AD91E
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:FD8B663E
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:F00A953B
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:862BAD66
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:7E2E5606
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:64D6413B
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:58ED656A
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:30308E0E
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:2F765C46
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:89E0CDE8
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:65B8650D
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:28FDAEDD
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:15C28023
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:CADCEDF4
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:3FF2B6F1
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:05FF9B2E
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:9E7A0CF1
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:7CAC05C3
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:78F92007
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:737EACFF
@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:4A7D5964
@Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:7EB8837A
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:F9CA48AF
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:DEBFF9C6
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:D086686F
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:B7C6AAAB
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:9F317003
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:94E8CC47
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:9485E512
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:2F5B92DA
@Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:CEB60D1E
@Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:40464012
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:F585E6E5
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:C04C48D4
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:6107A753
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:47771716
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:3EB6E559
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:2540E96D
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:0FD08324
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:0AACFF9D
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:DADCBB58
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:9D605054
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:9B67B947
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:531885AC
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:350C5B9E
@Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:FEC6F1CA
@Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:F78518BB
@Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:F5635016
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:E3843FA6
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:8B2A48B2
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:824FFC43
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:60F6915A
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:DA23AD9A
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:40D7AF1D
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:F0E52E4F
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:BB28698A
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:A4CB1038
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:91DAFF12
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:1218B03A
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:E2D111A5
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:F3366735
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DD9FFC08
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:9BAFBDA0
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:8B0DD95F
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:6CC5B040
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:17BC022C
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:0CA3A933
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:D33169E5
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:B6AF2226
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:26CA02B6
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:26233902
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:1D753517
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:E77558A0
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:F2B69A18
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:96E55887
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:969736FD
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:6C517343
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:6837B088
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:1E73B7C5
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:08390D61
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:EDE10845
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:B22AB01A
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:8E20E2DB
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:839ADBB2
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:79FD1F58
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:8A5AE0DA
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:6E1F359F
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:55905E7D
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:5443FDCF
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:F24AD862
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:EAD1940E
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:C552BEDE
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:C3983243
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:4EA002DF
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:2B782FD1
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:6AA2AD51
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:93F0301A
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E98B604F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:DCE3590B
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9C31E38F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:89CF6F9C
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:3AD6342E
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0616FC84
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F164CEA1
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C0893153
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:BBE07C18
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:A8DFD30C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:957053A5
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:938EB9FC
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:3A7527E8
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:1B565D04
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:FAB64002
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DE875C30
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:88A44CC1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4F7FE589
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4A01545C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:217A2324
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:C0A9B815
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:7CC16245
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:3B4DA230
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:48F5C64F
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:6B7447D4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:2495D97A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BF6C81B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:AB3339EF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1BD02801
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:BCDBBA6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:AF24D911
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9DEA1BCB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:99C301D0
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:6E11933F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:223AE803
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:08E5EE32
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A2FF62A6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:90C12AC3
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:88C0A705
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:488F7244
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:16ADBA30
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0C73962F
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:DDF112BD
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:DC21D414
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:D9F34335
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:ADFAD95A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:ADBB571A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:627153F1
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:583FE1DA
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2DF54B62
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0696EC8E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CF1334B0
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:B4F0E275
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AA0BC725
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:518C333F
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:32A82570
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E7B4296D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B58DB468
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A6D6E537
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:94B46CA2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:7C85EDF8
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3086B95F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:29F0CA7D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:18BFD8F8
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:E6C6EB3B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:A819A132
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:A279C25A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:71004506
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4C8FA829
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:1181620C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:D0003616
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:75CC0165
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D93AABC7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D47B19A6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:BAC56E61
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A7B70C4E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:89C28CF6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EFF3C3C8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EF0C5444
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:8DD20B4A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:869E45C2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3D186293
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:F2E87A32
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:CBB4BFCD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BCDC6E07
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5CE91C67
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:43ECEA33
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A60D0FA6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A1023D41
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5FA4CB99
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:443F2F8E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:424D7CFE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:041C0562
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F94BD29B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:9D6EAEC3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:88FD3ED6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:3DB6F365
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:27D3515D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:13EF4AF6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EA7D76BE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D80C94F4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:6F0B6A5A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4C31986D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:25249477
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:124B94C0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:109734F6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:888468D3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7A032A04
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:71AEFFEB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4A448DB2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:29861223
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:15B5F596
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:12FE8709
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:EEB25EAE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D8D58038
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:ADE67221
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9B721CFF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:79875988
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B8D7701E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A43CC602
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:98982C88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:71612023
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:609CAC7C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:50636E35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:38FF076E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C30487EE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BF2E2F0E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:554B3BF6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F986CC21
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:ED2998F5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:864881BF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5EF1AD34
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:B1786630
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:870649A4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:700B9342
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:4FA837B4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:4B1195DD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:20DF40C7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E732B44B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D9987109
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A5584049
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4EEC7800
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:9FD757A9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:67CF910D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2F1D743F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2EA99C48
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0FA1EAA7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0C13C008
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:FC2D0F32
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B3196E8D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:8BFA0030
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6BFA43EB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6813E7F4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4A2862FF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2ADF9928
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:268BA8AB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C611D6C8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:996104FC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:73AFBB96
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:73461BFA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:370E4EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:2702A8B3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1D6B18F1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:CD9109D4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B8EB1B99
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B0BD7797
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A58B27C9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:769BB147
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:71112705
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:56C17A93
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:467B79B8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:386B39C3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:EE7AAC75
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CEF2A14E
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CA99FD89
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:C186F20B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:65AB2A58
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4BBB987B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:27652001
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:25BB767E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F43B7E8F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E91ADC66
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:82529191
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:3B812EE0
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:ED9B661E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:F36BFA23
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:0DAD93FF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:AC0528D9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:40D8F125
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:1CB96B16
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:008586AE
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:B845F669
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:AC73CDCE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:AABCC5A7
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:B1381B34
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:4F8B72C9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:BD9F7E4E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:95198126

< End of report >


Step Three) I ran the online scan. It ran for about 2 hours, but at the end it did not give me the option to create a log file; it just said "No threats were found". There was a checkbox that said "uninstall components on close" and a Finish button. I clicked the checkbox and pressed Finish, and it closed.

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:47 AM

Posted 06 August 2011 - 06:06 AM

How is it running now? I think you got rid of everything already and we can clean up, unless you are having lingering problems.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 blackswordsman


Posted 08 August 2011 - 06:32 AM

Everything seems to be running fine now. No problems. Thank you for all your help.

#10 etavares


Posted 08 August 2011 - 05:30 PM

Hello, blackswordsman.

OK, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1


OK, please launch OTL and press the Clean Up button!





Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  • Go to Start and type in SystemPropertiesProtection and run that program.
  • Select the System Protection tab.
  • Press Create.
  • Give the restore point a name and press create.
  • You'll see it work, then say that it was created successfully.


Now, we need to remove the old, infected points using DiskCleanup.
  • Click on Start --> My Computer
  • Right-click on C: and select Properties.
  • Click on Disk Cleanup.
  • Double-click Files from all users on this computer.
  • Click on More Options tab and press Clean Up... under System Restore and Shadow Copies.
  • Click OK.
  • You'll get a couple of prompts asking if you're sure you want to do this; select Yes for them.
  • Disk cleanup will remove those restore points and close itself.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


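The note in the post above about custom Hosts entries, shown as an added example (not part of the original post and not HostsMan's own code): merging a downloaded blocklist into an existing Hosts file while keeping the user's own mappings and listing any entry that points a name at a non-local address for manual review. The function names, the local-network list and every hostname and address in the samples are assumptions constructed for illustration.

```python
import ipaddress

# Addresses a blocklist uses to make a hostname unreachable.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that legitimately resolve to loopback; never treated as blocked sites.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}
# Ranges where a custom mapping is normally an intranet shortcut (assumed policy).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample: a user's existing Hosts file.
SAMPLE_CUSTOM = """\
127.0.0.1       localhost
192.168.1.20    nas.home.example
203.0.113.10    www.bank.example    # mapping to a non-local address
0.0.0.0         ads.tracker.example
"""

# Constructed sample: a downloaded blocklist.
SAMPLE_BLOCKLIST = """\
127.0.0.1     localhost
127.0.0.1     ads.tracker.example
0.0.0.0       malware.download.example
0.0.0.0       nas.home.example
198.51.100.7  update.vendor.example
0.0.0.0       malware.download.example
"""


def parse_hosts(text):
    """Return (address, hostname) pairs; comments and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may name several hosts
            entries.append((address, name.lower().rstrip(".")))
    return entries


def is_redirect(address):
    """True when the address is neither a sink nor inside a local network."""
    if address in SINK_ADDRESSES:
        return False
    ip = ipaddress.ip_address(address)
    return not any(ip.version == net.version and ip in net
                   for net in LOCAL_NETWORKS)


def merge_hosts(custom_text, blocklist_text):
    """Merge a blocklist into custom entries; custom mappings always win.

    Returns (merged_text, report). report["review"] lists custom entries that
    send a name to a non-local address, report["overridden"] lists blocklist
    names skipped because the user already maps them, and report["rejected"]
    lists blocklist lines that are not sink entries at all.
    """
    custom = parse_hosts(custom_text)
    custom_names = {name for _, name in custom}
    report = {"review": [], "overridden": [], "rejected": []}

    lines = ["# --- custom entries (preserved) ---"]
    for address, name in custom:
        lines.append(f"{address}\t{name}")
        if name not in LOCAL_NAMES and is_redirect(address):
            report["review"].append((address, name))

    lines.append("# --- blocklist entries ---")
    seen = set()
    for address, name in parse_hosts(blocklist_text):
        if name in LOCAL_NAMES:
            continue
        if address not in SINK_ADDRESSES:
            report["rejected"].append((address, name))
        elif name in custom_names:
            report["overridden"].append(name)
        elif name not in seen:
            seen.add(name)
            lines.append(f"0.0.0.0\t{name}")
    return "\n".join(lines) + "\n", report


if __name__ == "__main__":
    merged, report = merge_hosts(SAMPLE_CUSTOM, SAMPLE_BLOCKLIST)
    print(merged)
    for key, items in report.items():
        print(key, items)
```

Entries under `review` are the ones worth checking by hand, since a Hosts line that maps a banking or update hostname to an unfamiliar address changes where the browser connects.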
 


#11 etavares


Posted 13 August 2011 - 06:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


 




