
Keep getting redirected from Google searches


  • This topic is locked
14 replies to this topic

#1 Punch Clock Heroine

Punch Clock Heroine

  • Members
  • 8 posts

Posted 14 July 2011 - 04:05 AM

I get redirected to sites like scour.com and find-quick-results.com.

I tried running DDS; it says it doesn't support my OS, which is Windows XP Pro 64-bit. Likewise, most of GMER's check boxes do not allow me to select them for whatever reason.

Any help is appreciated!


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts

Posted 29 July 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409455 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Punch Clock Heroine

Punch Clock Heroine
  • Topic Starter

  • Members
  • 8 posts

Posted 29 July 2011 - 07:09 PM

This computer is running Windows XP Pro 64-bit.

When I perform a Google search, I am redirected to unrelated sites (usually scour dot com) that have nothing to do with what I originally searched for. It happens with IE and Firefox, and less often with Google Chrome. Resetting the router, a Netgear WNDR3700v2, can sometimes provide a temporary fix. I've also tried going into Network Connections and selecting "Repair". This generally fails to work as well. Lastly, I've tried simply restarting the computer. Again, this sometimes works, but the problem persists.

Someone else in the household downloaded Malwarebytes' Anti-Malware and SUPERAntiSpyware on this computer and ran some scans. Nothing changed.

The other computer in our household was badly infected and cleaned. The person who owns that computer has said that Google redirects have stopped since then.

DDS still does not work; it says the OS is not supported. I can't run GMER for the same reason.

Edited by Punch Clock Heroine, 29 July 2011 - 07:09 PM.


#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts

Posted 30 July 2011 - 07:27 AM

Hello Punch Clock Heroine, and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed; you will then be advised when we respond to your topic, which facilitates the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Now, let's get started...

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Best Regards,
oneof4.


#5 Punch Clock Heroine

Punch Clock Heroine
  • Topic Starter

  • Members
  • 8 posts

Posted 01 August 2011 - 06:35 PM

OTL logfile created on: 8/1/2011 7:29:22 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\U111AB38495673bbr1578f7
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.60% Memory free
3.87 Gb Paging File | 2.73 Gb Available in Paging File | 70.46% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.23 Gb Total Space | 13.88 Gb Free Space | 20.05% Space Free | Partition Type: NTFS
Drive D: | 69.23 Gb Total Space | 45.26 Gb Free Space | 65.38% Space Free | Partition Type: NTFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RUGART-E88E86ZZ | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 19:18:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\U111AB38495673bbr1578f7\OTL.exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/25 01:00:43 | 000,399,536 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/06/15 11:02:25 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/08/17 10:41:42 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/15 03:42:56 | 000,203,944 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrB.exe
PRC - [2008/12/15 03:42:51 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2005/11/22 11:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/22 11:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 19:18:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\U111AB38495673bbr1578f7\OTL.exe
MOD - [2010/09/07 18:04:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll
MOD - [2007/02/18 13:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime
MOD - [2007/02/18 13:05:22 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2005/03/25 08:00:00 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/05/04 18:51:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/08/17 10:41:42 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/12/15 03:42:56 | 000,203,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2008/12/15 03:42:51 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/07/25 13:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/28 23:05:00 | 000,660,992 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2007/02/17 02:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 22:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/11/22 11:29:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/22 11:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/22 11:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/11/22 00:47:56 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/11/22 00:47:10 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2005/11/22 02:51:20 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\Drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/03/25 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2004/06/24 13:00:08 | 000,006,656 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysWOW64\Drivers\AsProbe.sys -- (AsProbe)
DRV - [2003/10/21 05:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\HA10KX2K.SYS -- (ha10kx2k)
DRV - [2003/10/21 05:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/10/21 05:22:18 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2003/10/13 23:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\CTDVDA2K.SYS -- (ctdvda2k)
DRV - [2003/10/13 05:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2003/10/07 22:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2003/10/07 22:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2003/10/07 22:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2003/10/07 22:06:04 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\CTAUD2K.SYS -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/10/06 02:46:14 | 000,606,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2003/10/06 02:44:58 | 000,581,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2003/10/06 02:44:28 | 000,114,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2002/12/29 22:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\Drivers\CTGAME.SYS -- (ctgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6C 74 F6 01 31 2A 8C 4D BF CA 85 93 CB 27 25 FE [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6C 74 F6 01 31 2A 8C 4D BF CA 85 93 CB 27 25 FE [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6C 74 F6 01 31 2A 8C 4D BF CA 85 93 CB 27 25 FE [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6C 74 F6 01 31 2A 8C 4D BF CA 85 93 CB 27 25 FE [binary data]

IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6C 74 F6 01 31 2A 8C 4D BF CA 85 93 CB 27 25 FE [binary data]
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54545
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/29 04:18:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/29 16:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/27 23:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/04/30 16:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/31 22:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pt4qw5c6.default\extensions
[2011/07/09 12:57:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pt4qw5c6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/17 03:46:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pt4qw5c6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/28 15:07:16 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pt4qw5c6.default\extensions\amznUWL2@amazon.com
[2011/07/31 22:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/13 08:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/17 04:03:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/17 05:34:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/17 04:03:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/02 02:13:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2736174899-410898149-3299125776-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3:64bit: - HKU\S-1-5-21-2736174899-410898149-3299125776-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3:64bit: - HKU\S-1-5-21-2736174899-410898149-3299125776-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3:64bit: - HKU\S-1-5-21-2736174899-410898149-3299125776-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2736174899-410898149-3299125776-500\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] File not found
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/customer/uploading/activex/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKU\S-1-5-21-2736174899-410898149-3299125776-500 Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/17 17:00:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 22:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 18:22:16 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{031768cc-89b3-11dd-8d8c-0011d8e17604}\Shell\AutoRun\command - "" = I:\setupSNK.exe
O33 - MountPoints2\{2d8daa6d-6b60-11e0-bc81-0011d8e17604}\Shell - "" = AutoRun
O33 - MountPoints2\{2d8daa6d-6b60-11e0-bc81-0011d8e17604}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d8daa6d-6b60-11e0-bc81-0011d8e17604}\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
O33 - MountPoints2\{2d8daa6e-6b60-11e0-bc81-0011d8e17604}\Shell - "" = AutoRun
O33 - MountPoints2\{2d8daa6e-6b60-11e0-bc81-0011d8e17604}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d8daa6e-6b60-11e0-bc81-0011d8e17604}\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 16:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/07/29 03:18:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/07/29 03:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/07/27 23:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2011/07/27 23:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/07/27 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011/07/24 05:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/07/21 10:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/21 10:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/21 05:01:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2011/07/21 05:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/21 05:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/20 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2011/07/20 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinDirStat
[2011/07/19 02:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2011/07/19 02:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2011/07/19 02:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AIM
[2011/07/19 02:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/07/19 02:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/07/19 02:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/07/19 02:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/07/19 02:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/07/18 20:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexon
[2011/07/18 20:20:54 | 000,000,000 | ---D | C] -- C:\Nexon
[2011/07/18 20:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/07/18 19:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PMB Files
[2011/07/18 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/07/18 19:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/07/17 08:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2011/07/17 07:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/07/17 07:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/07/17 07:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC
[2011/07/17 07:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/07/17 07:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2005
[2011/07/17 07:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/07/17 07:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/07/17 07:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2011/07/17 07:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/07/17 07:27:36 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/07/17 07:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAMN NFO Viewer
[2011/07/17 05:34:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\SysWow64\javaws.exe
[2011/07/17 05:34:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\SysWow64\javaw.exe
[2011/07/17 05:34:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\SysWow64\java.exe
[2011/07/17 05:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinZip
[2011/07/17 05:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/07/17 05:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/07/17 05:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2011/07/17 05:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/07/17 05:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2011/07/17 04:04:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\OpenOffice.org 3.3
[2011/07/17 04:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/07/15 08:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/07/14 18:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2011/07/14 18:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/07/14 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011/07/14 06:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2011/07/13 09:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PFStaticIP
[2011/07/13 09:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFStaticIP
[2011/07/13 08:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Portforward.com
[2011/07/13 08:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/07/13 00:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/13 00:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/07/13 00:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/07/13 00:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/13 00:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/08 01:12:18 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2011/07/07 23:41:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\killapps.exe
[9 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 19:16:45 | 000,042,897 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.PNG
[2011/08/01 19:07:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 19:05:22 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/01 19:01:01 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 19:01:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2736174899-410898149-3299125776-500.job
[2011/08/01 19:00:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 14:34:21 | 000,063,459 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\200450_10150103534571618_554501617_6775312_3433782_n.jpg
[2011/08/01 11:02:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/29 16:42:58 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/07/29 16:42:58 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2011/07/29 03:15:09 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/28 23:45:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/24 04:33:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2011/07/21 10:38:34 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/21 05:01:24 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/20 02:48:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2736174899-410898149-3299125776-500.job
[2011/07/19 02:31:41 | 000,000,375 | -H-- | M] () -- C:\IPH.PH
[2011/07/17 02:42:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\SysWow64\585971532
[2011/07/14 23:08:36 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/14 06:16:31 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 07:49:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2011/07/13 07:49:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2011/07/13 00:06:13 | 000,013,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\6FC6.E4C
[2011/07/09 03:05:04 | 000,586,198 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2011/07/08 02:30:26 | 000,010,765 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\greatcat.jpeg
[2011/07/08 02:29:29 | 000,010,546 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\greatcow.jpeg
[2011/07/08 02:27:57 | 000,169,998 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\funnycat.png
[2011/07/08 00:50:17 | 000,052,643 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\pete.jpg
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[9 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 19:16:45 | 000,042,897 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.PNG
[2011/08/01 14:34:16 | 000,063,459 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\200450_10150103534571618_554501617_6775312_3433782_n.jpg
[2011/07/29 16:42:58 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/07/29 16:42:58 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/07/29 16:42:58 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2011/07/29 03:15:09 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/27 23:23:16 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/07/21 10:43:27 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/21 10:38:34 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/21 10:38:22 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/21 05:01:24 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 02:29:40 | 000,000,375 | -H-- | C] () -- C:\IPH.PH
[2011/07/13 08:37:11 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SysWow64\585971532
[2011/07/09 22:18:41 | 000,013,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\6FC6.E4C
[2011/07/08 02:30:26 | 000,010,765 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\greatcat.jpeg
[2011/07/08 02:29:29 | 000,010,546 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\greatcow.jpeg
[2011/07/08 02:27:54 | 000,169,998 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\funnycat.png
[2011/07/08 01:17:20 | 000,052,643 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\pete.jpg
[2010/06/13 13:18:17 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/05/04 18:35:57 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\RtlCPAPI.dll
[2010/05/04 18:35:57 | 000,111,616 | ---- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2010/05/04 18:35:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2010/05/04 18:35:57 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\SysWow64\instwdm.ini
[2010/03/18 19:59:50 | 000,000,175 | R--- | C] () -- C:\WINDOWS\SysWow64\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\SysWow64\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\SysWow64\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\SysWow64\ctdlang.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\SysWow64\enlocstr.exe
[2009/07/10 01:13:02 | 000,001,360 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SysWow64\kill.ini
[2009/07/05 16:41:05 | 000,073,220 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPrinterDB.dat
[2009/07/05 16:41:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern131.dat
[2009/07/05 16:41:05 | 000,029,114 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern1.dat
[2009/07/05 16:41:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern121.dat
[2009/07/05 16:41:05 | 000,021,021 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern3.dat
[2009/07/05 16:41:05 | 000,015,670 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern5.dat
[2009/07/05 16:41:05 | 000,013,280 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern2.dat
[2009/07/05 16:41:05 | 000,010,673 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern4.dat
[2009/07/05 16:41:05 | 000,004,943 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern6.dat
[2009/07/05 16:41:05 | 000,001,140 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_PT.dat
[2009/07/05 16:41:05 | 000,001,140 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_BP.dat
[2009/07/05 16:41:05 | 000,001,137 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_ES.dat
[2009/07/05 16:41:05 | 000,001,130 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_FR.dat
[2009/07/05 16:41:05 | 000,001,130 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_CF.dat
[2009/07/05 16:41:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_EN.dat
[2009/07/05 16:41:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\SysWow64\PICSDK.ini
[2009/06/28 15:57:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2009/06/28 15:57:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\SysWow64\hpodinet.dll
[2009/06/28 15:57:21 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2009/01/31 21:32:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2008/12/15 03:42:57 | 000,203,944 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2008/12/15 03:42:51 | 000,066,872 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2008/03/28 17:43:41 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/12 19:38:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007/10/12 19:35:09 | 000,202,240 | ---- | C] () -- C:\WINDOWS\SysWow64\PsisDecd.dll
[2007/10/06 00:53:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\SysWow64\ctmmactl.dll
[2007/08/09 20:58:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\SysWow64\CTXFIRES.DLL
[2007/08/09 00:51:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/07/28 01:15:04 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2007/07/04 12:58:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\SysWow64\APOMgrH.dll
[2006/09/19 19:50:21 | 000,000,105 | ---- | C] () -- C:\WINDOWS\nTune.INI
[2006/08/31 18:39:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PFP100JPR.{PB
[2006/08/31 18:39:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PFP100JCM.{PB
[2006/08/10 23:29:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2006/08/10 05:17:30 | 000,003,585 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/10 05:17:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/19 00:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/07/18 22:59:14 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/07/18 21:14:23 | 000,000,210 | ---- | C] () -- C:\WINDOWS\EPSON RX620 Installer.ini
[2006/07/18 20:11:49 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/07/18 19:54:57 | 000,660,992 | ---- | C] () -- C:\WINDOWS\SysWow64\ati2saag.exe
[2006/07/18 19:04:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/18 18:58:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/17 22:36:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeW7.dll
[2006/07/17 22:36:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeA6.dll
[2006/07/17 22:36:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeP6.dll
[2006/07/17 22:36:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeM6.dll
[2006/07/17 22:36:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizePX.dll
[2006/07/17 22:36:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresize.dll
[2006/07/17 20:16:17 | 000,313,207 | ---- | C] () -- C:\WINDOWS\SysWow64\ctstatic.dat
[2006/07/17 20:16:17 | 000,264,466 | ---- | C] () -- C:\WINDOWS\SysWow64\CTSBAS2W.DAT
[2006/07/17 20:16:17 | 000,230,201 | ---- | C] () -- C:\WINDOWS\SysWow64\CTSBASW.DAT
[2006/07/17 20:16:16 | 000,140,643 | ---- | C] () -- C:\WINDOWS\SysWow64\CTBAS2W.DAT
[2006/07/17 20:16:16 | 000,112,411 | ---- | C] () -- C:\WINDOWS\SysWow64\CTBASICW.DAT
[2006/07/17 20:16:16 | 000,053,932 | ---- | C] () -- C:\WINDOWS\SysWow64\ctdaught.dat
[2006/07/17 20:16:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SysWow64\REGPLIB.EXE
[2006/07/17 20:16:13 | 000,005,515 | ---- | C] () -- C:\WINDOWS\SysWow64\ENSDEF.INI
[2006/07/17 19:50:55 | 000,043,422 | R--- | C] () -- C:\WINDOWS\SysWow64\e10kxwdm.ini
[2006/07/17 18:20:10 | 000,586,198 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2006/07/17 17:27:10 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/07/17 17:25:40 | 000,006,656 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsProbe.sys
[2006/07/17 17:23:56 | 000,335,872 | ---- | C] () -- C:\WINDOWS\SysWow64\CapabilityTable.exe
[2006/07/17 17:23:15 | 000,005,119 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/07/17 17:23:13 | 000,005,824 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2006/07/17 17:02:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/17 10:47:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/27 15:52:41 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/12/01 18:05:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\px.ini
[2005/11/14 16:40:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\SysWow64\CddbFileTaggerRoxio.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\SysWow64\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\SysWow64\ssleay32.dll
[2005/03/25 08:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2005/03/25 08:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2005/03/25 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2005/03/25 08:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2005/03/25 08:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2005/03/25 08:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2005/03/25 08:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2005/03/25 08:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2005/03/25 08:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2005/03/25 08:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2005/03/25 08:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2005/03/25 08:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2005/03/25 08:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2005/03/25 08:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2005/03/25 08:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2005/03/25 08:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2005/03/25 08:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2005/03/25 08:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2005/03/25 08:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2005/03/25 08:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2005/03/25 08:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2005/03/25 08:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2005/03/25 08:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe
[2004/09/28 11:14:04 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\writing:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Windows x64 Utilities:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\SimCity Societies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\poetry:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\pete.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\IMG00292-20100812-2146.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\IMG00291-20100812-2146.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\funnycat.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Electronic Arts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\ebay:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\EA Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\dvd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Drivers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Ali Personal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\horses:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\GooredFix Backups:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\200450_10150103534571618_554501617_6775312_3433782_n.jpg:Roxio EMC Stream

< End of report >

-------------------------

OTL Extras logfile created on: 8/1/2011 7:29:22 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\U111AB38495673bbr1578f7
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 37.60% Memory free
3.87 Gb Paging File | 2.73 Gb Available in Paging File | 70.46% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.23 Gb Total Space | 13.88 Gb Free Space | 20.05% Space Free | Partition Type: NTFS
Drive D: | 69.23 Gb Total Space | 45.26 Gb Free Space | 65.38% Space Free | Partition Type: NTFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RUGART-E88E86ZZ | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" File not found
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57940:TCP" = 57940:TCP:*:Enabled:Pando Media Booster
"57940:UDP" = 57940:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"57940:TCP" = 57940:TCP:*:Enabled:Pando Media Booster
"57940:UDP" = 57940:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\World of Warcraft\Launcher.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft
"C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:Battle for Middle-earth
"C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files (x86)\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe" = C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files (x86)\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files (x86)\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
"C:\Program Files (x86)\AVG\AVG8\avgupd.exe" = C:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG8\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG8\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files (x86)\AIM\aim.exe" = C:\Program Files (x86)\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- (Wizet)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\World of Warcraft\Launcher.exe" = C:\Program Files (x86)\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft
"C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:Battle for Middle-earth
"C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files (x86)\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files (x86)\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe" = C:\Documents and Settings\Administrator\Desktop\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files (x86)\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files (x86)\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = C:\Program Files (x86)\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
"C:\Program Files (x86)\AVG\AVG8\avgupd.exe" = C:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG8\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG8\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files (x86)\AIM\aim.exe" = C:\Program Files (x86)\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- (Wizet)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{13E12AEC-7499-436F-8C04-D2FE83B869E4}" = DragToDisc64Install
"{2A028E51-148F-92EC-A6CF-5E0E09A1C01E}" = ccc-utility64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Pirate Cove
"{1ABCD64F-6B57-D191-707A-A64C6E177DDF}" = Catalyst Control Center Graphics Full New
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DD89FD0-39F5-4B1C-932D-D32B3CA9694D}" = Asus Probe V2.64.03
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2930D73B-49E6-02DC-BA42-8EC2B1C6752E}" = CCC Help English
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{49EC6CF7-B704-C2FE-49B9-E3CEBA76C671}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91C4CBA0-2AD5-5AA8-EC98-0BCD4914C5F4}" = Catalyst Control Center Graphics Previews Common
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A8CB084-5F00-4005-97E8-0229F884C807}" = DGE-530T
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8737BE8-0E2B-C420-DB2D-F468748414F0}" = ccc-core-preinstall
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C810930D-3FA2-3E54-1FAC-3907C5AEA7BC}" = Catalyst Control Center Graphics Full Existing
"{CAFC9755-5469-DC18-CDD2-6F5C743AC478}" = Catalyst Control Center Graphics Light
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3E4251D-8364-4698-B0E0-A7C799384403}" = Adobe GoLive CS (ENG)
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54885B7-7789-087D-62EB-373D4DF83B56}" = Skins
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F8474DF7-9902-7305-BAB3-34DEDFF2ADC5}" = ccc-core-static
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AudioConSole" = Creative Audio Console
"AudioCS" = Creative Audio Console
"AVG8Uninstall" = AVG 8.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"Portforward Static IP Address" = Portforward Static IP Address 1.0.45
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2736174899-410898149-3299125776-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2010 10:07:15 PM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/12/2010 11:07:18 PM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/13/2010 12:07:14 AM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 7:40:50 AM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 7:46:39 AM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 7:49:19 AM | Computer Name = RUGART-E88E86ZZ | Source = Application Error | ID = 1000
Description = Faulting application adobe air updater.exe, version 1.5.3.9120, faulting
module ntdll.dll, version 5.2.3790.4455, fault address 0x0004f053.

Error - 9/14/2010 7:57:26 AM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 8:10:01 AM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 8:57:26 AM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 9:10:01 AM | Computer Name = RUGART-E88E86ZZ | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/1/2011 3:59:21 PM | Computer Name = RUGART-E88E86ZZ | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 8/1/2011 3:59:35 PM | Computer Name = RUGART-E88E86ZZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/1/2011 4:33:01 PM | Computer Name = RUGART-E88E86ZZ | Source = ati2mtag | ID = 45062
Description =

Error - 8/1/2011 4:33:33 PM | Computer Name = RUGART-E88E86ZZ | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 8/1/2011 4:33:33 PM | Computer Name = RUGART-E88E86ZZ | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 8/1/2011 4:33:47 PM | Computer Name = RUGART-E88E86ZZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/1/2011 7:00:16 PM | Computer Name = RUGART-E88E86ZZ | Source = ati2mtag | ID = 45062
Description =

Error - 8/1/2011 7:00:45 PM | Computer Name = RUGART-E88E86ZZ | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 8/1/2011 7:00:45 PM | Computer Name = RUGART-E88E86ZZ | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 8/1/2011 7:00:55 PM | Computer Name = RUGART-E88E86ZZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >



The redirect problem hasn't happened in a while. However, the internet connection doesn't work well at all. I keep getting this page:

Posted Image

Our router is a Netgear WNDR3700V2.

#6 oneof4

  • Malware Response Team

Posted 03 August 2011 - 07:50 AM

Hello Punch Clock Heroine :)

Let's check your system for rootkits:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

==========

It also appears that you may have a "Hi-jacked" proxy, so perform the following to check that, and correct it if it is necessary:

Please download MiniToolBox and save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

==========

Things I need to see in your next reply:

  • TDSSKiller Log
  • Mini-Toolbox Result.txt
  • How are things running now?

Best Regards,
oneof4.


#7 oneof4

  • Malware Response Team

Posted 06 August 2011 - 10:06 AM

Are you still with us?

Best Regards,
oneof4.


#8 Punch Clock Heroine

  • Topic Starter

Posted 07 August 2011 - 01:56 AM

My apologies for the delay. Thank you for your continued assistance.

2011/08/07 02:53:02.0515 1552 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/07 02:53:03.0000 1552 ================================================================================
2011/08/07 02:53:03.0000 1552 SystemInfo:
2011/08/07 02:53:03.0000 1552
2011/08/07 02:53:03.0000 1552 OS Version: 5.2.3790 ServicePack: 2.0
2011/08/07 02:53:03.0000 1552 Product type: Workstation
2011/08/07 02:53:03.0000 1552 ComputerName: RUGART-E88E86ZZ
2011/08/07 02:53:03.0000 1552 UserName: Administrator
2011/08/07 02:53:03.0000 1552 Windows directory: C:\WINDOWS
2011/08/07 02:53:03.0000 1552 System windows directory: C:\WINDOWS
2011/08/07 02:53:03.0000 1552 Running under WOW64
2011/08/07 02:53:03.0000 1552 Processor architecture: Intel x64
2011/08/07 02:53:03.0000 1552 Number of processors: 2
2011/08/07 02:53:03.0000 1552 Page size: 0x1000
2011/08/07 02:53:03.0000 1552 Boot type: Normal boot
2011/08/07 02:53:03.0000 1552 ================================================================================
2011/08/07 02:53:03.0281 1552 Initialize success
2011/08/07 02:53:11.0312 3204 ================================================================================
2011/08/07 02:53:11.0312 3204 Scan started
2011/08/07 02:53:11.0312 3204 Mode: Manual;
2011/08/07 02:53:11.0312 3204 ================================================================================
2011/08/07 02:53:20.0609 3204 ================================================================================
2011/08/07 02:53:20.0609 3204 Scan finished
2011/08/07 02:53:20.0609 3204 ================================================================================
2011/08/07 02:53:20.0625 3208 Detected object count: 0
2011/08/07 02:53:20.0625 3208 Actual detected object count: 0


----------

MiniToolBox by Farbar
Ran by Administrator (administrator) on 07-08-2011 at 02:55:11
Microsoft Windows XP Service Pack 2 (X64)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:54545

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 54545
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


== End of log ==



------------

DNS lookup errors happen across all computers accessing the network. No other problems. I think it may have something to do with the router itself, but we've tried a myriad of different things to fix it, none of which have worked...

Edited by Punch Clock Heroine, 07 August 2011 - 01:58 AM.
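The proxy sections of the Result.txt above show a loopback proxy (127.0.0.1:54545) that is configured but switched off in both browsers. As an added example (not part of the thread and not MiniToolBox's own code), this Python sketch parses a report in that layout and flags loopback proxy entries as "active" or "residual"; the sample text is constructed from the values quoted in the post, and the "Proxy is enabled." wording for the enabled case is an assumption.

```python
import ipaddress
import re

# Constructed sample: same layout and values as the Result.txt quoted in the thread.
SAMPLE_RESULT = '''\
========================= Flush DNS: ===================================

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:54545

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 54545
"network.proxy.type", 0

== End of log ==
'''

SECTION_RE = re.compile(r"^=+ (.+?): =+$")
FF_PREF_RE = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*"?([^"]*)"?$')
FF_SCHEMES = ("http", "ssl", "ftp", "socks")


def split_sections(text):
    """Map each '==== Name: ====' header to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def is_loopback(host):
    """True for 'localhost' and for any literal loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def parse_ie(lines):
    """Return (enabled, [(scheme, host, port), ...]) from the IE section."""
    # Assumption: the enabled case is reported as "Proxy is enabled."
    enabled = any(l.lower().startswith("proxy is enabled") for l in lines)
    servers = []
    for line in lines:
        if not line.startswith("ProxyServer:"):
            continue
        value = line.split(":", 1)[1].strip()
        # The value is either "host:port" or "scheme=host:port;scheme=host:port"
        for entry in filter(None, (e.strip() for e in value.split(";"))):
            scheme, _, hostport = entry.rpartition("=")
            host, sep, port = hostport.rpartition(":")
            if not sep:
                host, port = hostport, ""
            servers.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return enabled, servers


def parse_ff(lines):
    """Return (manual_proxy_on, [(scheme, host, port), ...]) from the FF section."""
    prefs = {}
    for line in lines:
        match = FF_PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    manual = prefs.get("network.proxy.type") == "1"  # 1 = manual proxy configuration
    servers = []
    for scheme in FF_SCHEMES:
        host = prefs.get("network.proxy." + scheme, "")
        port = prefs.get("network.proxy." + scheme + "_port", "")
        if host:
            servers.append((scheme, host, int(port) if port.isdigit() else None))
    return manual, servers


def audit_proxy_report(text):
    """List loopback proxy entries as (browser, scheme, host, port, status)."""
    sections = split_sections(text)
    findings = []
    for browser, parser, name in (("IE", parse_ie, "IE Proxy Settings"),
                                  ("FF", parse_ff, "FF Proxy Settings")):
        in_use, servers = parser(sections.get(name, []))
        for scheme, host, port in servers:
            if is_loopback(host):
                status = "active" if in_use else "residual"
                findings.append((browser, scheme, host, port, status))
    return findings


if __name__ == "__main__":
    for finding in audit_proxy_report(SAMPLE_RESULT):
        print(finding)
```

An "active" entry means browser traffic is being sent to a listener on the local machine, so the next check is which process owns that port; a "residual" entry is a leftover value that is not currently applied.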


#9 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:09:04 PM

Posted 08 August 2011 - 06:53 PM

Okay, let's do this:

Please run MiniToolBox again.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

Best Regards,
oneof4.


#10 Punch Clock Heroine

Punch Clock Heroine
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 10 August 2011 - 04:10 AM

Thank you!


MiniToolBox by Farbar
Ran by Administrator (administrator) on 10-08-2011 at 05:09:58
Microsoft Windows XP Service Pack 2 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:54545

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : rugart-e88e86zz

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 00-11-D8-E1-76-04

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.7

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Wednesday, August 10, 2011 4:51:27 AM

Lease Expires . . . . . . . . . . : Thursday, August 11, 2011 4:51:27 AM

Server: UnKnown
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.93.104, 74.125.93.105, 74.125.93.106, 74.125.93.147
74.125.93.99, 74.125.93.103



Pinging google.com [74.125.93.99] with 32 bytes of data:



Reply from 74.125.93.99: bytes=32 time=43ms TTL=49

Reply from 74.125.93.99: bytes=32 time=44ms TTL=49



Ping statistics for 74.125.93.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 44ms, Average = 43ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=88ms TTL=49

Reply from 98.137.149.56: bytes=32 time=97ms TTL=49



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 88ms, Maximum = 97ms, Average = 92ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 d8 e1 76 04 ...... Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.7 10
10.0.0.0 255.255.255.0 10.0.0.7 10.0.0.7 10
10.0.0.7 255.255.255.255 127.0.0.1 127.0.0.1 10
10.255.255.255 255.255.255.255 10.0.0.7 10.0.0.7 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.7 10.0.0.7 10
255.255.255.255 255.255.255.255 10.0.0.7 10.0.0.7 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

== End of log ==

#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:09:04 PM

Posted 13 August 2011 - 09:22 AM

Hey Punch Clock Heroine :)

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKU\S-1-5-21-2736174899-410898149-3299125776-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54545
    FF - prefs.js..network.proxy.http_port: 54545
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\writing:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Windows x64 Utilities:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\SimCity Societies:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\poetry:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\pete.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\My Videos:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\My Received Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\My Music:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\IMG00292-20100812-2146.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\IMG00291-20100812-2146.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\funnycat.png:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Electronic Arts:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\ebay:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\EA Games:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\dvd:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Drivers:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Downloads:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\My Documents\Ali Personal:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\horses:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\GooredFix Backups:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Administrator\Desktop\200450_10150103534571618_554501617_6775312_3433782_n.jpg:Roxio EMC Stream
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply, along with how things are running now.

Best Regards,
oneof4.
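
As an added example (not part of the original thread, and not code from MiniToolBox or OTL): a small Python triage of a MiniToolBox Result.txt that flags the kind of leftover seen in the logs above, a loopback proxy value that remains in the IE and Firefox settings while the proxy itself is switched off. The sample report is constructed from the section layout shown in the thread; the function names, the "ACTIVE"/"inactive" labels and the rule that any IE status line without "not enabled" means an active proxy are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample, abridged from the MiniToolBox section layout shown in this thread.
SAMPLE = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: http=127.0.0.1:54545
========================= FF Proxy Settings: ==============================
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 54545
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
"""

def sections(text):
    """Split a report into {section title: text of that section}."""
    out, title = {}, None
    for line in text.splitlines():
        m = re.match(r"=+\s*(.+?):\s*=+\s*$", line)
        if m:
            title = m.group(1)
            out[title] = ""
        elif title:
            out[title] += line.strip() + "\n"
    return out

def triage(text):
    """Return (area, detail) findings that deserve a closer look."""
    sec, found = sections(text), []
    ie = sec.get("IE Proxy Settings", "")
    m = re.search(r"ProxyServer:\s*(?:\w+=)?([\d.]+):(\d+)", ie)
    if m and ipaddress.ip_address(m.group(1)).is_loopback:
        state = "inactive" if "not enabled" in ie else "ACTIVE"  # assumed wording
        found.append(("IE", f"loopback proxy {m.group(1)}:{m.group(2)} {state}"))
    ff = dict(re.findall(r'"network\.proxy\.(\w+)",\s*"?([^"\n]+)', sec.get("FF Proxy Settings", "")))
    if ff.get("http", "").startswith("127."):
        state = "ACTIVE" if ff.get("type") == "1" else "inactive"  # type 1 = manual proxy
        found.append(("FF", f"loopback proxy {ff['http']}:{ff.get('http_port')} {state}"))
    for entry in sec.get("Hosts content", "").splitlines():
        parts = entry.split("#")[0].split()
        if len(parts) >= 2 and parts[1:] != ["localhost"]:  # anything beyond localhost
            found.append(("hosts", entry))
    ip = sec.get("IP Configuration", "")
    dns = re.findall(r"DNS Servers[ .]*:\s*([\d.]+)", ip)
    gw = re.findall(r"Default Gateway[ .]*:\s*([\d.]+)", ip)
    found += [("DNS", f"{d} is not the gateway {gw}") for d in dns if d not in gw]
    return found
```

An "inactive" finding matches what this thread shows: the value is a remnant rather than a live redirect, but it is still worth clearing, since something only has to flip the enable flag to route browser traffic through that local port. A DNS server equal to the router, as here, only says the client side is clean; the router's own upstream DNS settings have to be checked on the router.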


#12 Punch Clock Heroine

Punch Clock Heroine
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 13 August 2011 - 03:58 PM

Computer is running fine. I think the problem has stopped.


========== OTL ==========
HKU\S-1-5-21-2736174899-410898149-3299125776-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 54545 removed from network.proxy.http_port
ADS C:\Documents and Settings\Administrator\My Documents\writing:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\Windows x64 Utilities:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\SimCity Societies:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\poetry:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\pete.jpg:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Administrator\My Documents\My Videos:Roxio EMC Stream .
ADS C:\Documents and Settings\Administrator\My Documents\My Received Files:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Administrator\My Documents\My Music:Roxio EMC Stream .
ADS C:\Documents and Settings\Administrator\My Documents\IMG00292-20100812-2146.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\IMG00291-20100812-2146.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\funnycat.png:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Administrator\My Documents\Electronic Arts:Roxio EMC Stream .
ADS C:\Documents and Settings\Administrator\My Documents\ebay:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\EA Games:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\dvd:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\Drivers:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\Downloads:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\My Documents\Ali Personal:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\Desktop\horses:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\Desktop\GooredFix Backups:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Administrator\Desktop\200450_10150103534571618_554501617_6775312_3433782_n.jpg:Roxio EMC Stream deleted successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 08132011_165718

#13 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:09:04 PM

Posted 16 August 2011 - 12:06 PM

Hello Punch Clock Heroine, :)

Let's see if OTL did its job:

We need to create a New FULL OTL Report

  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Standard Registry" option to "All"
  • Change the "Extra Registry" option to "None"
  • Push the Posted Image button.
  • Copy and paste OTL.txt in your next reply.

Best Regards,
oneof4.


#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:09:04 PM

Posted 19 August 2011 - 02:42 PM

Are you still with us?

Best Regards,
oneof4.


#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:04 AM

Posted 22 August 2011 - 10:36 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.



