wowfx problem


  • This topic is locked
8 replies to this topic

#1 Will HS

Will HS

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 15 August 2011 - 03:45 AM

Hey, this is my first post on this forum.

Very recently when I turn my computer on, open any program, or save something, a dialogue box pops up with the message:

"The application or DLL C:\WINDOWS\system32\wowfx.dll is not a valid Windows image. Please check this against your installation diskette."



I've searched Google for a while now but come to the conclusion that I probably need my HijackThis log analyzed personally.

I ran this through "HijackThis.DE Logfile Analyzer" (an automatic HijackThis log analyzer) and it said that about twenty of the listings were almost certainly not good.

I hope someone can help me.



Here's the HijackThis log:





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:01, on 15/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\System.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Will\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Will\svchost.exe
C:\Documents and Settings\Will\Start Menu\Programs\Startup\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Will\Desktop\Will's stuff\Programs\AceHideFree.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Will\Desktop\Will's stuff\Program Folders\systinternals\procexp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102842&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBrPiiJ.dll
O2 - BHO: qs Class - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Updater] C:\WINDOWS\TEMP\System.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Will\svchost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Will\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'Default user')
O4 - Startup: userinit.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA31060-600A-4DBC-84A3-1FC94D5A7E6A}: NameServer = 203.97.78.43,203.97.78.44
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BA31060-600A-4DBC-84A3-1FC94D5A7E6A}: NameServer = 203.97.78.43,203.97.78.44
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BA31060-600A-4DBC-84A3-1FC94D5A7E6A}: NameServer = 203.97.78.43,203.97.78.44
O17 - HKLM\System\CS3\Services\Tcpip\..\{1BA31060-600A-4DBC-84A3-1FC94D5A7E6A}: NameServer = 203.97.78.43,203.97.78.44
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: geBrPiiJ - C:\WINDOWS\SYSTEM32\geBrPiiJ.dll
O20 - Winlogon Notify: jkkJayWM - jkkJayWM.dll (file missing)
O20 - Winlogon Notify: ljJYQGyW - C:\WINDOWS\
O20 - Winlogon Notify: qoMdDWOI - qoMdDWOI.dll (file missing)
O20 - Winlogon Notify: tuvUMdAr - tuvUMdAr.dll (file missing)
O20 - Winlogon Notify: tuvuVlLF - tuvuVlLF.dll (file missing)
O20 - Winlogon Notify: xxyAPgGA - xxyAPgGA.dll (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe

--
End of file - 7570 bytes



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:42 AM

Posted 15 August 2011 - 03:10 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#3 Will HS

Will HS
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 16 August 2011 - 01:02 AM

Ok cool



OTL logfile created on: 16/08/2011 4:41:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Will\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.50 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 69.62% Memory free
6.09 Gb Paging File | 5.49 Gb Available in Paging File | 90.08% Paging File free
Paging file location(s): C:\pagefile.sys 3837 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 77.78 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.53 Gb Free Space | 42.19% Space Free | Partition Type: FAT32
Drive E: | 127.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 931.51 Gb Total Space | 493.52 Gb Free Space | 52.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-8ABC512DA0 | User Name: Will | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 16:25:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\My Documents\Downloads\OTL.scr
PRC - [2011/06/24 19:59:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/04/17 12:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2002/05/17 10:30:38 | 000,094,720 | ---- | M] () -- C:\Program Files\AceHide Free\AceHideFree.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/12 09:05:27 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\geBrPiiJ.dll
MOD - [2011/06/24 19:59:32 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2002/05/17 10:30:38 | 000,094,720 | ---- | M] () -- C:\Program Files\AceHide Free\AceHideFree.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (Schedule)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/17 12:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/07/04 21:49:14 | 000,075,496 | ---- | M] (tzuk) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/04/06 15:39:26 | 000,264,704 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2010/03/20 16:35:28 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Disabled | Stopped] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/12/09 06:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Disabled | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/12/05 20:42:23 | 000,604,488 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/05 20:42:18 | 000,361,288 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/16 17:39:28 | 000,431,456 | ---- | M] (Seagate) [Disabled | Stopped] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/07/15 21:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)


========== Driver Services (SafeList) ==========

DRV - [2011/08/15 22:14:11 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/14 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110815.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/14 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/14 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/14 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110815.021\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/12 08:32:30 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110812.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/23 00:32:12 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 15:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 15:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/22 12:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/15 14:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 18:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 17:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/27 11:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/07/04 21:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/06/14 20:59:22 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/09 17:24:23 | 000,027,656 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2010/03/09 17:24:23 | 000,022,024 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/03/02 17:44:21 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/03/02 17:44:21 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/03/02 17:43:48 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/03/02 17:43:40 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/30 11:15:54 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2009/02/17 18:22:56 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2009/02/17 18:22:54 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2009/02/17 18:22:52 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/12/27 15:45:42 | 000,085,760 | ---- | M] (Rocket Division Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2006/09/28 16:44:46 | 000,079,393 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1027.sys -- (RDID1027)
DRV - [2005/07/04 19:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/07/01 08:16:26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/03/10 09:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/05 06:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 16:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/04 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102842&gct=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110419
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FLV&o=102842&locale=en_US&apn_uid=03038D7B-8C1C-4C3D-B3B4-3D615C3EC25D&apn_ptnrs=5C&apn_sauid=A84853EA-7E47-483F-B0E5-05AF82D4EB67&apn_dtid=YYYYYYYYNZ&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\Will\Application Data\Facebook\npfbplugin_1_0_0.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/08/15 22:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn\ [2011/08/15 22:13:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 19:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/21 11:26:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/03/20 16:30:12 | 000,000,000 | ---D | M]

[2009/08/21 21:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Will\Application Data\Mozilla\Extensions
[2011/08/16 16:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions
[2010/04/28 22:09:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 16:23:38 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/06/30 16:13:37 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2009/09/16 20:34:03 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/08/28 15:38:06 | 000,000,000 | ---D | M] (gTranslate) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011/08/02 16:15:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 17:41:13 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/01/23 21:19:56 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/03/12 17:41:12 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\elemhidehelper@adblockplus.org
[2011/03/12 17:41:12 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\personas@christopher.beard
[2011/08/16 16:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\extensions\staged
[2011/07/03 14:15:57 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\s4r3apwa.default\searchplugins\askcom.xml
[2011/07/10 16:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 19:50:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S4R3APWA.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S4R3APWA.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S4R3APWA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S4R3APWA.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S4R3APWA.DEFAULT\EXTENSIONS\SUPPORT-MIN@WOLFRAM.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S4R3APWA.DEFAULT\EXTENSIONS\UNDOCLOSEDTABSBUTTON@SUPERNOVA00.BIZ.XPI
[2011/07/10 16:00:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010/05/19 19:49:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 19:59:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/17 20:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/05/19 19:49:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/05/07 17:27:36 | 000,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2009/02/21 08:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/09/08 06:56:28 | 000,102,400 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npvideoegg-loader.dll
[2011/05/07 18:16:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/04/09 13:07:05 | 000,303,042 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10444 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBrPiiJ.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wowfx.dll) - C:\WINDOWS\system32\wowfx.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\geBrPiiJ: DllName - geBrPiiJ.dll - C:\WINDOWS\System32\geBrPiiJ.dll ()
O20 - Winlogon\Notify\jkkJayWM: DllName - jkkJayWM.dll - File not found
O20 - Winlogon\Notify\ljJYQGyW: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\qoMdDWOI: DllName - qoMdDWOI.dll - File not found
O20 - Winlogon\Notify\tuvUMdAr: DllName - tuvUMdAr.dll - File not found
O20 - Winlogon\Notify\tuvuVlLF: DllName - tuvuVlLF.dll - File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\xxyAPgGA: DllName - xxyAPgGA.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Will\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Will\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBrPiiJ.dll ()
O29 - HKLM SecurityProviders - (snapapi32.dll) - C:\WINDOWS\System32\snapapi32.dll ()
O29 - HKLM SecurityProviders - (digest32.dll) - File not found
O29 - HKLM SecurityProviders - (wowfx.dll) - C:\WINDOWS\System32\wowfx.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/23 23:58:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/30 20:17:12 | 000,048,904 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2011/04/11 14:38:22 | 000,731,000 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2011/04/11 14:38:18 | 000,595,320 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2001/08/03 22:11:58 | 000,094,208 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/09/04 09:20:16 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/12/06 21:20:03 | 000,000,067 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{65328b9e-9eeb-11df-b5cc-0013d359ece7}\Shell\AutoRun\command - "" = M:\zvchost.exe
O34 - HKLM BootExecute: (autocheck autochk /k:cdef*) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\userinit.exe
[2011/08/15 22:14:11 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/15 22:14:11 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/15 22:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/15 22:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/15 22:13:51 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/08/15 22:13:51 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/08/15 22:13:51 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/08/15 22:13:51 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/08/15 22:13:51 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/08/15 22:13:51 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/08/15 22:13:51 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/08/15 22:13:51 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/08/15 22:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/08/15 22:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1206000.01D
[2011/08/15 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/08/15 22:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/08/15 22:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/08/15 19:24:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Will\Recent
[2011/07/30 19:24:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlib254.dll
[2011/07/30 19:24:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\append.dll
[2011/07/30 19:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\altcmd
[2011/07/21 12:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/07/21 11:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Local Settings\Application Data\Innovative Solutions
[2011/07/21 11:58:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\AdvUninstal
[2011/07/21 11:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2011/07/21 11:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/07/21 11:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Local Settings\Application Data\VS Revo Group
[2011/07/21 11:46:20 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/07/21 11:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/07/21 10:56:08 | 000,731,000 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2011/07/21 10:56:08 | 000,595,320 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2000/11/01 18:46:28 | 000,160,256 | ---- | C] ( ) -- C:\WINDOWS\System32\GVJPEG32.DLL
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Will\My Documents\*.tmp files -> C:\Documents and Settings\Will\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/15 22:22:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/15 22:14:26 | 000,678,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/08/15 22:14:11 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/15 22:14:11 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/15 22:14:11 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/15 22:14:11 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/15 22:14:05 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/08/15 21:22:55 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011/08/15 21:22:55 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/08/15 21:22:55 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011/08/15 21:22:55 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2011/08/14 21:47:58 | 000,247,296 | ---- | M] () -- C:\Documents and Settings\Will\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 09:10:48 | 000,046,341 | ---- | M] () -- C:\nopscdf.exe
[2011/08/12 09:10:45 | 000,038,481 | ---- | M] () -- C:\xrnvhqk.exe
[2011/08/12 09:10:42 | 000,038,525 | ---- | M] () -- C:\cvvtwei.exe
[2011/08/12 09:10:39 | 000,038,553 | ---- | M] () -- C:\jbmiye.exe
[2011/08/12 09:10:36 | 000,038,537 | ---- | M] () -- C:\nsfadws.exe
[2011/08/12 09:10:34 | 000,046,388 | ---- | M] () -- C:\mjdgyuwj.exe
[2011/08/12 09:10:31 | 000,046,392 | ---- | M] () -- C:\yyutnu.exe
[2011/08/12 09:10:30 | 000,038,531 | ---- | M] () -- C:\233192977
[2011/08/12 09:05:27 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\geBrPiiJ.dll
[2011/08/10 23:09:31 | 000,503,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 23:09:31 | 000,088,222 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 23:08:13 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/08/04 15:48:49 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/30 19:23:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/21 12:12:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/21 12:12:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/21 12:12:27 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/07/21 12:12:27 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/21 12:08:57 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/21 11:46:22 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/07/21 11:33:41 | 000,000,023 | -HS- | M] () -- C:\WINDOWS\System32\ebfebbfe_z.dll
[2011/07/21 11:33:41 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\dabeece_z.ocx
[2011/07/20 14:53:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Will\My Documents\*.tmp files -> C:\Documents and Settings\Will\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/15 22:14:16 | 000,678,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/08/15 22:14:11 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/15 22:14:11 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/15 22:14:05 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/08/15 22:13:51 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/08/15 22:13:40 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/08/15 22:13:40 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/08/15 22:13:40 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/08/15 22:13:40 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/08/15 22:13:40 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/08/15 22:13:40 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/08/15 22:13:40 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/08/15 22:13:39 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/08/15 22:13:39 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.cat
[2011/08/15 22:13:39 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/08/15 22:13:39 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/08/15 22:13:39 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/08/15 22:13:39 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/08/15 22:13:39 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/08/12 09:05:27 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\geBrPiiJ.dll
[2011/08/07 23:08:55 | 000,001,527 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Notepad.lnk
[2011/07/30 19:24:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\wowfx.dll
[2011/07/21 12:40:43 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\Will\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/07/21 11:46:22 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/07/21 11:33:41 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\ebfebbfe_z.dll
[2011/07/21 11:33:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\dabeece_z.ocx
[2011/07/21 10:56:08 | 000,048,904 | ---- | C] () -- C:\autoruns.chm
[2011/05/08 21:20:36 | 000,005,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ronomdwa.tbp
[2011/02/23 21:29:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/13 21:51:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/11/13 21:50:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/08/05 22:10:26 | 000,002,106 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/04 19:14:35 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2010/08/04 19:14:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2010/08/04 19:14:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2010/08/04 19:14:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2010/08/04 19:14:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2010/08/04 19:14:35 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2010/08/04 19:14:35 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2010/08/04 19:14:35 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2010/08/04 19:14:35 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2010/08/04 19:14:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2010/08/04 19:11:27 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Will\Application Data\myMPQ.ini
[2010/07/31 13:07:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/07/31 13:06:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/07/31 13:03:49 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/31 13:03:41 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/31 13:03:38 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/07/31 13:03:37 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/06/30 19:30:30 | 000,004,046 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2010/06/13 22:41:29 | 000,526,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/23 18:34:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/08 17:00:44 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/03/08 17:00:41 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/03/08 17:00:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/02/27 18:33:47 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\snapapi32.dll
[2010/02/19 11:18:40 | 000,073,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/18 20:27:49 | 000,030,283 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2010/02/08 16:44:40 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Will\Application Data\WavCodec.wff
[2010/02/03 19:54:10 | 000,008,560 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/30 16:25:03 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1027.dll
[2010/01/30 16:25:03 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\Rd3t1027.DAT
[2010/01/12 15:55:02 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/01/12 15:55:02 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010/01/12 15:55:02 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/01/12 15:55:02 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/01/12 15:55:02 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/12/21 15:46:26 | 001,220,940 | ---- | C] () -- C:\Documents and Settings\Will\Local Settings\Application Data\prvlcl.dat
[2009/11/29 23:44:59 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/29 23:44:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/29 15:39:21 | 000,000,318 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/11/29 15:20:04 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/17 17:50:42 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/30 20:06:25 | 000,002,846 | ---- | C] () -- C:\Documents and Settings\Will\Application Data\wklnhst.dat
[2009/08/30 17:42:35 | 000,247,296 | ---- | C] () -- C:\Documents and Settings\Will\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/04 21:30:05 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009/04/28 20:14:19 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/04/28 18:02:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/04/27 19:14:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2009/03/04 18:43:13 | 000,673,546 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/03/04 18:43:13 | 000,007,449 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/09/01 20:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007/06/12 20:10:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/02/14 19:40:47 | 000,498,392 | ---- | C] () -- C:\WINDOWS\setup.exe
[2007/01/26 18:34:15 | 000,008,802 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini
[2007/01/26 18:34:15 | 000,007,763 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2006/11/26 10:11:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/11/26 10:05:24 | 000,004,761 | ---- | C] () -- C:\WINDOWS\langorig.ini
[2006/11/24 15:45:24 | 000,029,784 | ---- | C] () -- C:\Program Files\popcorn Terms.html
[2006/11/22 19:32:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2006/11/22 16:08:37 | 000,001,433 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/22 16:04:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/19 14:35:30 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2006/10/16 17:04:30 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2006/10/15 15:43:17 | 000,000,045 | ---- | C] () -- C:\WINDOWS\OLDTRASH.INI
[2006/10/08 10:33:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\ENCGAMES.INI
[2006/10/07 15:15:14 | 000,000,026 | ---- | C] () -- C:\WINDOWS\gale.ini
[2006/09/26 22:08:35 | 000,001,331 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/16 15:51:15 | 000,001,733 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2006/07/12 13:36:12 | 000,002,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/08 14:07:51 | 000,000,321 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2006/07/03 20:09:01 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/07/03 20:07:28 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/07/01 14:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/06/29 21:45:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2006/06/11 09:48:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/05/06 17:03:01 | 001,282,082 | ---- | C] () -- C:\WINDOWS\CL-Blount.exe
[2006/05/06 17:02:24 | 001,350,016 | ---- | C] () -- C:\WINDOWS\CL-Charlie.exe
[2006/03/12 13:05:52 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/02/19 17:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/02/07 18:26:33 | 000,001,483 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2006/01/26 18:41:46 | 000,000,776 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2006/01/24 08:15:28 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2006/01/23 11:36:45 | 000,000,724 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2006/01/23 10:44:41 | 000,000,160 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/01/19 17:18:16 | 000,000,105 | ---- | C] () -- C:\WINDOWS\KBB.ini
[2006/01/04 13:31:04 | 002,324,992 | ---- | C] () -- C:\WINDOWS\bjc265spxp150.exe
[2005/12/31 17:52:14 | 000,000,099 | ---- | C] () -- C:\WINDOWS\dinksmallwood.ini
[2005/12/30 14:13:35 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/12/21 17:15:57 | 000,000,248 | ---- | C] () -- C:\WINDOWS\ENations.ini
[2005/12/17 06:20:10 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Spiderman.INI
[2005/09/01 22:36:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/01 22:15:35 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/09/01 22:15:16 | 000,015,790 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/01 22:15:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/01 22:09:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/01 22:07:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/01 22:07:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/01 22:07:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/01 22:07:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/01 22:07:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/01 22:07:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/01 22:05:56 | 000,000,209 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/01 22:01:56 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/01 21:59:09 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/09/01 21:49:07 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/01 21:44:37 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/01 21:44:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/01 21:44:16 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/08 08:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/10 01:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/11/24 00:15:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/24 00:03:08 | 000,503,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/24 00:03:08 | 000,088,222 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/24 00:01:10 | 000,330,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/11/23 23:57:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/23 23:55:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/05 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 00:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2004/08/05 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/25 14:03:30 | 000,000,578 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/24 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 11:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/07 15:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE

========== LOP Check ==========

[2009/01/15 19:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/09/01 20:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/03/07 20:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/08/15 23:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2007/07/15 15:29:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/01 22:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/03/12 18:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdAlive
[2009/05/29 10:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/11/06 18:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GeoVid
[2011/07/21 11:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/07/21 11:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/02/13 19:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/04/01 20:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/02/08 17:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/12/07 19:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2010/09/14 20:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/03/09 18:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2010/03/02 17:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/06/26 19:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/03/23 16:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/12/05 14:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/21 16:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Filter
[2009/08/30 21:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/01/26 09:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoEgg
[2011/06/27 21:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009/03/15 20:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/10/04 16:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/01 20:05:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2010/02/27 18:46:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/27 18:46:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010/04/07 19:54:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
[2009/04/25 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/01 20:05:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2009/09/01 20:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Ableton
[2010/01/17 22:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Any Video Converter
[2010/09/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Bioshock
[2011/03/03 18:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Bioshock2
[2010/04/24 20:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Braid
[2010/04/24 16:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Crayon Physics Deluxe
[2009/09/01 20:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\DAEMON Tools Pro
[2010/06/30 19:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Dexpot
[2010/01/02 20:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Facebook
[2010/08/27 17:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\fltk.org
[2010/04/10 16:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\iConcertCal
[2009/10/27 09:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\id Software
[2009/08/16 15:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Imagomat
[2009/10/09 16:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\InterVideo
[2009/12/12 16:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\iShell
[2010/06/30 19:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Launchy
[2010/11/03 16:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Leadertech
[2009/12/07 10:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Memento
[2010/02/08 17:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\NCH Swift Sound
[2009/09/01 21:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Propellerhead Software
[2010/06/30 19:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Q-Dir
[2005/09/01 22:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\SampleView
[2011/07/10 16:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Search Settings
[2011/08/14 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Spider Player
[2010/08/05 22:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Spyware Terminator
[2009/09/01 18:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Steinberg
[2010/03/20 16:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Toolbar4
[2009/08/30 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\TuneUp Software
[2011/05/28 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Utherverse
[2011/08/14 22:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\uTorrent
[2011/07/10 19:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\YouTube Downloader
[2011/07/21 12:12:27 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/07/17 17:04:13 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2009/07/17 17:04:17 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2009/08/31 21:43:06 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C

< End of report >

#4 Will HS

Posted 16 August 2011 - 01:03 AM

OTL Extras logfile created on: 16/08/2011 4:41:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Will\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.50 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 69.62% Memory free
6.09 Gb Paging File | 5.49 Gb Available in Paging File | 90.08% Paging File free
Paging file location(s): C:\pagefile.sys 3837 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.30 Gb Total Space | 77.78 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.53 Gb Free Space | 42.19% Space Free | Partition Type: FAT32
Drive E: | 127.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 931.51 Gb Total Space | 493.52 Gb Free Space | 52.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-8ABC512DA0 | User Name: Will | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"11038:TCP" = 11038:TCP:*:Enabled:BitComet 11038 TCP
"11038:UDP" = 11038:UDP:*:Enabled:BitComet 11038 UDP
"4719:TCP" = 4719:TCP:*:Enabled:4719
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Documents and Settings\Will\Desktop\Will's stuff\Programs\utorrent.exe" = C:\Documents and Settings\Will\Desktop\Will's stuff\Programs\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"K:\Seagate Backup\YOUR-8ABC512DA0\C\Documents and Settings\Desktop\StarCraft II\Versions\Base19132\SC2.exe" = K:\Seagate Backup\YOUR-8ABC512DA0\C\Documents and Settings\Desktop\StarCraft II\Versions\Base19132\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"K:\Seagate Backup\YOUR-8ABC512DA0\C\Documents and Settings\Desktop\StarCraft II\StarCraft II.exe" = K:\Seagate Backup\YOUR-8ABC512DA0\C\Documents and Settings\Desktop\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{049885D8-22B9-C209-A00C-E43A8E3F0B79}" = CCC Help Danish
"{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common
"{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer
"{10133CDD-50B9-4783-B336-8B48F3653715}" = Star Wars Galactic Battlegrounds: Saga
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility
"{1531DDE3-DD8B-C078-3CA2-4F278C8A7E6A}" = CCC Help Portuguese
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40D388F5-803F-616A-521D-005BC0BD9496}" = CCC Help Russian
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{429232EE-1406-FE49-2B82-DFA6234249D2}" = Catalyst Control Center Graphics Full New
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4893A35F-0A23-48EC-8E74-24969244D6F2}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A194623-3878-4CAA-B5F7-FC21B1AE3CAD}" = Left 4 Dead 2 Add-On Installer
"{4A220461-26FD-E792-F134-54FE095E5C67}" = ccc-utility
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4BFE3B58-DE4A-7505-B2ED-1C581889DE8B}" = CCC Help English
"{4C7A2608-9B04-72EF-5BC1-815885E8093E}" = CCC Help Dutch
"{4EAB28B6-12F8-5F07-9857-4C84815DD36F}" = CCC Help Czech
"{51F30BA1-6032-ADC9-0F1D-8DCB8F4BEE35}" = CCC Help Finnish
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59975E1A-7F44-827D-A294-0C946F96E26A}" = CCC Help Greek
"{5B9AF72D-593E-6D89-7E35-C79D58A04E9B}" = CCC Help Norwegian
"{5D8A40E9-8E59-3761-98DE-2C9F7303FA17}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{609B6317-7014-A779-C58D-864F12BA6339}" = CCC Help Spanish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{670A8412-8080-78BD-8DBE-E68A3FB313D3}" = CCC Help Japanese
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{68B18535-773E-DF4D-5213-624AAE7068BA}" = CCC Help Chinese Traditional
"{6F05A311-B2AB-5514-4A20-1A0C98131F36}" = CCC Help Hungarian
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75217611-047C-3C46-69CC-9E810B0FD7A4}" = ccc-core-preinstall
"{76B55683-1A17-CB8B-B1C4-A0A3F3C2D2D5}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7EC1397D-006B-9901-DED7-1937F7690388}" = CCC Help Turkish
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B57E13-6093-47EE-5BA1-415410E12374}" = CCC Help Polish
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACF42DD-C998-ED3C-1446-93AFA65E823D}" = ATI Catalyst Install Manager
"{8B6A5274-219B-912E-A87C-6F30EA87F55E}" = CCC Help French
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8D2B09E2-6B04-4960-B780-4B0CE90780EE}" = LightScribe 1.4.39.1
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{9158ED68-0310-0EFA-26FD-589A14F6C4D6}" = CCC Help Chinese Standard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8E51420-13A4-6888-6F65-A82E53FA7045}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1BD17C5-48FA-4CFD-BDBE-0931D79C4108}" = BAE-Software GFX-View V3
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA0000DF-3F5A-4B0A-A438-918BAB015508}" = iConcertCal
"{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English
"{BCE36DA3-853A-7F6D-0041-118BFC0A3607}" = CCC Help Thai
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3E08AD8-3B84-4663-A7F8-BF6737B15589}_is1" = Bandwidth Meter Pro v2.6 build 629
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C51DD70F-B9DD-AD9A-9800-93A58C429CD1}" = Catalyst Control Center Graphics Full Existing
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D159031E-628A-63C6-529A-AC5A95620ECC}" = CCC Help Swedish
"{D4292B37-6E88-A90C-B249-419417755D83}" = Catalyst Control Center Core Implementation
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D88A2FDD-4C42-2DC8-879B-3E3B17DE7A98}" = CCC Help Korean
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DFF10B77-36EB-4B73-AA8B-2B98E74EC3C7}" = YouTube Downloader Toolbar v4.5
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F44900CB-5BAF-7A35-74BF-D9BE40CB1F81}" = CCC Help German
"{F55B25A7-9D43-AD4F-B70B-AAB9C7FA1BA8}" = Skins
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FEB350BF-C090-3927-9F07-AFC93659F5FC}" = Catalyst Control Center Graphics Light
"7-Zip" = 7-Zip 4.65
"AceHide Free" = AceHide Free
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"altcompare" = altcompare
"Anapod CopyGear" = Anapod CopyGear (remove only)
"BPM Counter_is1" = BPM Counter 1.0.3.0
"BrainWave Generator" = BrainWave Generator
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA3100ISandPSA3000IS" = Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Everything" = Everything 1.2.1.371
"Fallout New Vegas_is1" = Fallout New Vegas
"GameGain_is1" = GameGain
"Garena" = Garena 2010
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Half Life 2 Episode 2" = Half Life 2 Episode 2
"HijackThis" = HijackThis 2.0.2
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"Icy Tower v1.4_is1" = Icy Tower v1.4
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InterActual Player" = InterActual Player
"Launchy_21344213_is1" = Launchy 2.5
"Live 8.0.3" = Live 8.0.3
"Memento_is1" = Memento 1.12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MidiIllustrator Virtuoso 2_is1" = MidiIllustrator Virtuoso v2.00
"MobilityDotNET" = DH Mobility Modder.NET
"Money2005b" = Microsoft Money
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItPrem_v10" = Microsoft Photo Premium 10
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Q-Dir" = Q-Dir
"RADVideo" = RAD Video Tools
"RAM_Defrag" = RAM Defrag (remove only)
"Reaktor 5" = Reaktor 5
"RealPlayer 6.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"ReCycle v2.1" = ReCycle v2.1
"Sandboxie" = Sandboxie 3.46
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Shockwave" = Shockwave
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Some PDF Image Extract_is1" = Some PDF Image Extractr 1.5
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Spider Player_is1" = Spider Player 2.5.3
"StarCraft II" = StarCraft II
"Swiff Player_is1" = Swiff Player 1.5
"Switch" = Switch Sound File Converter
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VH Toolkit_is1" = VH Toolkit 1.0.15.0
"VLC media player" = VLC media player 1.0.5
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Facebook Plug-In" = Facebook Plug-In
"Half-Life 2" = Half-Life 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/08/2011 7:01:45 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2539631,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 14/08/2011 7:01:49 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 15/08/2011 11:04:26 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb979909,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 15/08/2011 11:07:39 AM | Computer Name = YOUR-8ABC512DA0 | Source = NativeWrapper | ID = 5000
Description =

Error - 15/08/2011 11:09:17 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 15/08/2011 11:10:51 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 15/08/2011 11:12:14 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb977354,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 15/08/2011 11:12:57 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2416473,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 15/08/2011 11:14:20 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1612, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 15/08/2011 11:16:17 AM | Computer Name = YOUR-8ABC512DA0 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2539631,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

[ OSession Events ]
Error - 6/01/2010 11:50:40 PM | Computer Name = YOUR-8ABC512DA0 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3661
seconds with 2160 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/08/2011 11:04:48 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0
SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909).

Error - 15/08/2011 11:07:47 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).

Error - 15/08/2011 11:09:35 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server
2003 and Windows XP x86 (KB982168).

Error - 15/08/2011 11:11:12 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and
3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Error - 15/08/2011 11:12:32 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0
SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).

Error - 15/08/2011 11:13:13 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473).

Error - 15/08/2011 11:14:44 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 15/08/2011 11:15:31 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2512827).

Error - 15/08/2011 11:16:40 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2539631).

Error - 15/08/2011 11:17:39 AM | Computer Name = YOUR-8ABC512DA0 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2518864).

[ TuneUp Events ]
Error - 12/12/2009 5:43:55 AM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-12 22:43:55', '\device\harddiskvolume2\documents
and settings\will\desktop\will's stuff\programs\utorrent.exe','2884',0)

Error - 13/12/2009 4:08:03 AM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-13 21:08:03', '\device\harddiskvolume2\documents
and settings\will\desktop\will's stuff\cool games\crayon\crayon\crayon.exe','3928',0)

Error - 14/12/2009 12:24:36 AM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-14 17:24:36', '\device\harddiskvolume2\documents
and settings\will\desktop\will's stuff\program folders\systinternals\procexp.exe','872',0)

Error - 21/12/2009 12:35:47 AM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-21 17:35:47', '\device\harddiskvolume2\documents
and settings\will\desktop\will's stuff\programs\utorrent.exe','3248',0)

Error - 2/01/2010 11:44:58 PM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-03 16:44:58', '\device\harddiskvolume2\program
files\the learning company\arthur's reading games\library.exe','2876',0)

Error - 3/01/2010 5:35:14 PM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 10:35:14', '\device\harddiskvolume2\program
files\the learning company\arthur's reading games\tlcrun.exe','3828',0)

Error - 3/01/2010 5:35:50 PM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 10:35:50', '\device\harddiskvolume2\program
files\the learning company\arthur's reading games\library.exe','3884',0)

Error - 4/01/2010 4:12:36 AM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 21:12:31', '\device\harddiskvolume2\program
files\the learning company\arthur's reading games\tlcrun.exe','2512',0)

Error - 4/01/2010 11:15:24 PM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-05 16:15:24', '\device\harddiskvolume2\documents
and settings\will\desktop\will's stuff\programs\utorrent.exe','2476',0)

Error - 6/01/2010 11:36:34 PM | Computer Name = YOUR-8ABC512DA0 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-07 16:36:34', '\device\harddiskvolume2\documents
and settings\will\desktop\will's stuff\program folders\systinternals\procexp.exe','3152',0)


< End of report >

#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:42 AM

Posted 16 August 2011 - 02:53 PM

Good evening. :)

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:

    :filefind
    wowfx.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

So long, and thanks for all the fish.

 

 


#6 Will HS

Will HS
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:42 PM

Posted 17 August 2011 - 12:28 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:10 on 17/08/2011 by Will
Administrator - Elevation successful

========== filefind ==========

Searching for "wowfx.*"
C:\WINDOWS\system32\wowfx.dll --a---- 90112 bytes [07:24 30/07/2011] [21:48 28/03/2010] 60BB7D1D3E808134AC9AEFB9D5D21E2A

-= EOF =-

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:42 AM

Posted 19 August 2011 - 03:06 PM

Good evening. :)

Download CKScanner by askey127 from here and save it to your Desktop.

  • Double click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • Please copy and paste the contents of CKFiles.txt into your next reply.

So long, and thanks for all the fish.

 

 


#8 Will HS

Will HS
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:42 PM

Posted 19 August 2011 - 09:58 PM

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\will\desktop\will's stuff\cool games\mame32\mame32\roms\cracksht.zip
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\crack.exe
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\novation.bass-station.vsti.v1.4.incl.keygen-beat\bassstation getting started guide v1.4.pdf
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\novation.bass-station.vsti.v1.4.incl.keygen-beat\bassstation14.exe
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\novation.bass-station.vsti.v1.4.incl.keygen-beat\beat.nfo
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\novation.bass-station.vsti.v1.4.incl.keygen-beat\file_id.diz
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\novation.bass-station.vsti.v1.4.incl.keygen-beat\keygen.exe
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\novation.bass-station.vsti.v1.4.incl.keygen-beat\spy.nfo
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\u-he.zebra.vsti.v2.1.incl.keygen-air\air.nfo
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\u-he.zebra.vsti.v2.1.incl.keygen-air\keygen.exe
c:\documents and settings\will\desktop\will's stuff\other stuff\vst & dx softsynth & effects mega pack\u-he.zebra.vsti.v2.1.incl.keygen-air\zebra2 readme.pdf
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg anti-virus v8.5.364 (build 1549).exe
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\sn.txt
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\avg 8.x keygen\bz2.pyd
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\avg 8.x keygen\msvcr71.dll
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\avg 8.x keygen\python25.dll
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\avg 8.x keygen\unicodedata.pyd
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\avg 8.x keygen\w9xpopen.exe
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\avg 8.x keygen\??.txt
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\avg_keygen\test.txt
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\dvt\dvt.nfo
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\embrace\embrace.nfo
c:\documents and settings\will\desktop\will's stuff\programs\program folders\avg anti-virus v8.5.364 (build 1549) - mr1000 + keygen\avg keygen\nope\nope.nfo
c:\documents and settings\will\desktop\will's stuff\programs\program folders\bandwidth meter pro 2.6.617\crack.bat
c:\documents and settings\will\desktop\will's stuff\programs\program folders\bandwidth meter pro 2.6.617\crack\bwmeterpro.exe
c:\documents and settings\will\desktop\will's stuff\programs\program folders\izotope.ozone.v4.01 + keygen\air.nfo
c:\documents and settings\will\desktop\will's stuff\programs\program folders\izotope.ozone.v4.01 + keygen\file_id.diz
c:\documents and settings\will\desktop\will's stuff\programs\program folders\izotope.ozone.v4.01 + keygen\izotope_ozone_setup_v4_01.exe
c:\documents and settings\will\desktop\will's stuff\programs\program folders\izotope.ozone.v4.01 + keygen\keygen.exe
c:\documents and settings\will\desktop\will's stuff\programs\program folders\izotope.ozone.v4.01 + keygen\torrent downloaded from demonoid.com.txt
c:\documents and settings\will\desktop\will's stuff\programs\program folders\propellerhead recycle 2.1\patch & keygen.exe
c:\documents and settings\will\desktop\will's stuff\programs\program folders\superantispyware pro 4.24.0.1004 final\keygen\virus check.txt
c:\documents and settings\will\desktop\will's stuff\programs\program folders\tuneup utilities 2009 v8.0.3100.31 - (malestrom)\tuneup utilities 2009 v8.0.3100.31 - (malestrom)\keygen\tuneup.utilities.2009-keygen.exe
c:\documents and settings\will\my documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
c:\documents and settings\will\my documents\downloads\((demonoid.com))-prism_video_converter_with_keygen_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\(demonoid.com)-prism_video_converter_with_keygen_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\++demonoid.com++-izotope_ozone_4_01_with_keygen_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\++demonoid.me++-propellerhead_recycle_2_1_build_229_full_version_includes_keygen_and_patch_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\-_demonoid.com_-super_antispyware_pro_v_4_24_0_1004_final_keygen_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\brainwave_generator_3.1.12_crack_blacklistremover_einsoft[www.btmon.com](2).torrent
c:\documents and settings\will\my documents\downloads\brainwave_generator_3.1.12_crack_blacklistremover_einsoft[www.btmon.com].torrent
c:\documents and settings\will\my documents\downloads\download_accelerator_plus_(dap)_all_version_crack_x-demonoid.com-x_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\half-life_2_no-steam__no_crack__no_keygen___install_and_play.5040138.tpb.torrent
c:\documents and settings\will\my documents\downloads\half_life_2_no_steam_no_crack_no_keygen_install_and_play_x-demonoid.com-x_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\native.instruments.reaktor.v5.0.0.7.incl.keygen-h2[www.btmon.com].torrent
c:\documents and settings\will\my documents\downloads\o-demonoid.me-o_propellerhead's_recycle_2_1_keygen_patch_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\starcraft_2_wings_of_liberty_reloaded_crack_only.5723363.tpb(2).torrent
c:\documents and settings\will\my documents\downloads\starcraft_2_wings_of_liberty_reloaded_crack_only.5723363.tpb.torrent
c:\documents and settings\will\my documents\downloads\starcraft_ii_wings_of_liberty_proper-razor1911-crackonly.5730029.tpb.torrent
c:\documents and settings\will\my documents\downloads\x-demonoid.com-x_starcraft_ii_wings_of_liberty_proper_razor1911_crack_only_7316659.4444.torrent
c:\documents and settings\will\my documents\downloads\[ftl3]_bioshock_2_-_sea_of_dreams_-_crack_-_fixed_-_razor1911.5348668.tpb.torrent
c:\documents and settings\will\my documents\downloads\_-demonoid.me-_propellerhead's_recycle_2_1_keygen_patch_7316659.4444.torrent
c:\program files\ableton\live 8.0.3\resources\defaultpackages\library\presets\audio effects\vinyl distortion\crack.adv
c:\program files\common files\native instruments\shared content\sounds\massive\crackle carl.ksd
c:\program files\garena\plugins\ui\avoidcrackplugin.dll
c:\program files\native instruments\intakt\intakt_keygen.exe
c:\program files\native instruments\intakt\intakt\keygen.lnk
c:\program files\propellerhead\recycle\patch & keygen.exe
c:\program files\psycollider\help\ugens\noise\crackle.html
c:\program files\steinberg\loudness\vstplugins\vst plugins\arturia.cs-80vsti.v1.0-donz\crack\cs-80v.dll
c:\program files\steinberg\loudness\vstplugins\vst plugins\spin audio - roomverb m2 v2.0.105\spin audio - roomverb m2 v2.0.105\crack\rv2m2.dll
c:\program files\steinberg\loudness\vstplugins\vst plugins\synapsejungelist vsti v3.2\cracker.prs
c:\program files\u-he\presets\zebra2\pads\uh cracklepad.h2p
c:\program files\u-he\presets\zebra2\pads evolving\sm mit a bissl crackle.h2p
c:\program files\u-he\presets\zebra2\pads evolving\uh cracklepadxt.h2p
c:\program files\u-he\presets\zebra2\tones\uh alien crack beam.h2p
c:\program files\waves\plug-ins\xcrackle.dll
c:\program files\waves\plug-ins\documents\xcrackle.pdf
c:\program files\waves\plug-ins\plug-in settings\x-crackle settings.xps
scanner sequence 3.ZZ.11.KSBBPM
----- EOF -----

#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:42 AM

Posted 20 August 2011 - 02:16 PM

Good evening.

As the above log shows, your system has a number of cracks/keygens on it that indicate software piracy - presumably connected with the use of µTorrent.
This site, like many others, doesn't condone such actions and as such this thread is now closed.

Should you wish to receive help here in the future I suggest you remove all such software before you post again.

So long, and thanks for all the fish.

 

 




