Hello, I'd appreciate any help I could get on the current problem I am having with my computer. The problem seems a little complex to me, so I will try to explain as best as I can and with as much detail to help you guys understand the issue better.

A couple days ago, my computer was playing a number of audio ads on a daily basis, so I actively tried looking all over the place for solutions, running various anti-virus/malware sweeps in the process. Friday, only one ad played near the end of the day, so I thought the problem might have stopped. Now, I notice that there are two Internet Explorer processes running at the same time under task manager and will always end up returning, no matter how many times I try to end the processes. Shortly before going to sleep on Friday, my anti-virus program issued 5 quarantine alerts, making me worried that there is an unwanted program running on my computer that all my sweeps have not been able to detect.

I was preparing the logs for yesterday, so this was before the last attack, so I ran scans today to make sure the logs I would be pasting here would be accurate for you guys. Both MBA-M scans found 0 infections. Before I post the logs, here are some of the problems/facts I found during the initial clean up process: During the time MS Windows Malicious Software Removal Tool was running, both the IE processes were not running. After it was done scanning, the two IE processes were back running as they have been all the time when my computer is on (even during safe mode there are two IEs running at the same time). On Step 7 w/ GMER trying to get log#2, it crashed on me twice and gave me the blue screen of death once (at that point I just moved on).

1) MBA-M log
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5292

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/11/2010 3:04:28 AM
mbam-log-2010-12-11 (03-04-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 444571
Time elapsed: 1 hour(s), 56 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2) GMER One Log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-11 01:03:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75VYA0 rev.12.01B02
Running: mlpdjnmm.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uglcapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Threads - GMER 1.0.15 ----

Thread System [4:268] 86A5858D

---- EOF - GMER 1.0.15 ----

3) DDS.txt

DDS (Ver_10-12-05.01) - NTFSx86
Run by Owner at 3:20:44.86 on 12/11/2010 Sat
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_23
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.animesuki.com/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080125
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: MRI_DISABLED - No File
BHO: Browser Address Error Redirector - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Windows Mobile Device Center] "c:\windows\windowsmobile\wmdc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SigmatelSysTrayApp] "c:\program files\sigmatel\c-major audio\wdm\sttray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\s13smqux.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010&query=
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\s13smqux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\s13smqux.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-9 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-1-25 5632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

=============== Created Last 30 ================

2010-12-11 03:48:04 -------- d-----w- c:\users\owner\appdata\local\AIM
2010-12-11 03:47:54 -------- d-----w- c:\users\owner\appdata\local\AOL
2010-12-10 18:21:58 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5c4c39d7-ea0d-4807-a903-4dadb8434e1f}\mpengine.dll
2010-12-10 00:44:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-09 20:07:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-09 20:07:54 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-09 19:59:16 -------- d-----w- c:\users\owner\appdata\local\Sunbelt Software
2010-12-09 19:57:24 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-09 19:54:51 -------- d-----w- c:\program files\Lavasoft
2010-12-09 18:10:35 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-09 08:37:32 -------- d-----w- c:\users\owner\appdata\local\ESET
2010-12-09 07:33:10 -------- d-----w- c:\program files\ESET
2010-12-09 05:08:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-09 05:08:12 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-09 04:51:42 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-07 04:20:53 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2010-12-07 04:20:53 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-07 04:11:00 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2010-12-07 04:10:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 04:10:45 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-07 04:10:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 04:10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 23:14:12 -------- d-----w- C:\scsu_share
2010-11-25 06:32:45 -------- d-----w- c:\progra~2\Age of Empires 3
2010-11-23 00:46:47 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-22 01:00:28 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-22 01:00:27 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-22 01:00:24 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-11-22 00:59:57 -------- d-----w- c:\windows\system32\xlive
2010-11-22 00:59:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

==================== Find3M ====================

2010-12-09 05:00:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36:52 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

============= FINISH: 3:31:19.64 ===============

4) DDS attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)


Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 18.271 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.062 GiB free.
E: is CDROM (UDF)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

?z?E?μ?I’†?I???A??
“??u???_?^ ver 1.00a
7-Zip 4.57
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.5
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Age of Empires III: Complete Collection
AIM 7
AIM Toolbar
AOL Install
ATI Catalyst Control Center
Bodog Poker
Browser Address Error Redirector
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
Combined Community Codec Pack 2008-01-24
Conexant D850 PCI V.92 Modem
Dell Getting Started Guide
Dell Support Center
DHTML Editing Component
Digital Line Detect
Download Updater (AOL LLC)
EarthLink Setup Files
ESET NOD32 Antivirus
File Splitter and Joiner (FFSJ v3.2)
FLV Player 2.0, build 24
Full Tilt Poker
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InstallMgr
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) Viiv(TM) Software
Internet Service Offers Launcher
IsoBuster 2.3
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
KB408682
League of Legends
Magic Online
Malwarebytes' Anti-Malware
MELTY BLOOD Act Cadenza Ver.B Windows”A
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft SharedView
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.6.13)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
Netscape Navigator (9.0.0.6)
NetWaiting
NetZeroInstallers
OpenOffice.org 3.0
PokerStars
Product Documentation Launcher
RealPlayer
RealUpgrade 1.0
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SampleTestInstall
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sid Meier's Civilization V
Skins
Skype Toolbars
Skype? 4.2
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
StarCraft II
Steam
Suited_Pockets Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.4
Warcraft III
Warcraft III: All Products
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinPcap 3.1
WinRAR archiver
XPS MiniView Gadget

==== End Of File ===========================

Thanks for any help you can give me, I tried to explain the problem as best as I can, especially since I haven't heard any audio ads today, yet I am positive the main problem still remains.

Hi and welcome to the Daniweb forums :).

==========

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

=========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Thanks for the reply crunchie, but I hate to inform you that after the first loading bar of combofix, I experienced the blue screen of death. Should I try again or did that count as my one shot?

Combofix)

ComboFix 10-12-11.03 - Owner 1/2010 Sat 21:15:14.1.4 - x86 MINIMAL
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 02:44 . 2010-12-12 02:44 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-12-12 02:44 . 2010-12-12 02:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-09 04:51 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-07 04:20 . 2010-12-07 04:20 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2010-12-07 04:20 . 2010-12-07 04:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-07 04:11 . 2010-12-07 04:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2010-12-07 04:10 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 04:10 . 2010-12-07 04:10 -------- d-----w- c:\programdata\Malwarebytes
2010-12-07 04:10 . 2010-12-07 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 04:10 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 23:14 . 2010-11-30 23:23 -------- d-----w- C:\scsu_share
2010-11-25 06:32 . 2010-11-25 06:32 -------- d-----w- c:\programdata\Age of Empires 3
2010-11-23 00:46 . 2010-11-23 00:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-22 01:00 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-22 01:00 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-22 01:00 . 2007-04-04 23:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-11-22 00:59 . 2010-11-22 00:59 -------- d-----w- c:\windows\system32\xlive
2010-11-22 00:59 . 2010-11-22 00:59 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 05:00 . 2010-06-02 17:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 15:41 . 2009-10-02 20:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 06:36 . 2010-10-14 06:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 06:36 . 2010-10-14 06:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-13 13:56 . 2010-10-12 19:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-19 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-25 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 05:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2007-04-24 13:25 86016 ----a-w- c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHFMSetLoginStatus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-01-25 13:25 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
2007-06-27 15:14 439512 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca74626e6532c5;Google Update Service (gupdate1ca74626e6532c5);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 133104]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2007-06-27 36056]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-19 5376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R3 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-25 5632]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 21:37]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 21:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.animesuki.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010&query=
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-JHHKIOMLICLFICMMJCIGICMMIDIKIDEBIDIL - c:\program files\?z?E?μ?I’†?I???A??\_uninst.exe
AddRemove-“??u???_?^_is1 - c:\program files\?a?C?A???X?¶?U’c\“??u???_?^\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 21:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-11 22:02:02
ComboFix-quarantined-files.txt 2010-12-12 03:01

Pre-Run: 22,801,272,832 bytes free
Post-Run: 22,967,455,744 bytes free

- - End Of File - - 7F1E5B77ED4D4440BFE6F220FC08A1A6


The OTL log isn't posting. Is it too long? When I submit it, it just gives me a white screen & done, then when I relog to check, there isn't a post.

Task manager still shows 2 IE processes running, so I don't know if there is any improvement.

Edited by DFFolken: n/a


1st half of OTL)

OTL logfile created on: 12/11/2010 10:22:54 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 17.43 Gb Free Space | 6.16% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.06 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/23 12:28:49 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/07/19 15:49:16 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/04/29 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/12 03:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/23 15:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/17 12:54:17 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/01/25 08:28:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/25 08:25:56 | 001,838,592 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel(R)
SRV - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2007/06/27 10:15:40 | 000,036,056 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/06/27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel(R)
SRV - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel(R)
SRV - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/29 20:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/29 20:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/29 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/29 20:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/29 20:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/03/27 14:32:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/25 15:43:58 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/25 15:43:58 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/25 15:43:58 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/25 08:22:34 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/09/12 03:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.animesuki.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 22:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 21:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/07/19 15:50:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/07/19 15:51:36 | 000,000,000 | ---D | M]

[2009/12/29 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/12/11 00:26:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions
[2010/07/22 11:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/06 20:04:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/11 13:18:45 | 000,002,343 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\searchplugins\aol-search.xml
[2010/12/09 00:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/02 12:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/09 00:00:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/12/09 00:00:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/09 02:28:01 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 23:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

2nd half of OTL)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 22:17:13 | 000,065,224 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/12/11 22:17:10 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/12/11 22:17:05 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/12/11 22:17:00 | 000,091,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/12/11 22:16:57 | 000,063,696 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2010/12/11 22:16:54 | 000,342,128 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/12/11 22:16:51 | 000,070,216 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2010/12/11 22:15:09 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/12/11 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/12/11 22:11:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/11 22:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/11 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/11 21:58:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/11 21:03:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/11 21:01:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/11 21:00:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/11 21:00:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/11 21:00:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/11 20:59:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/11 20:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/11 20:11:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/11 03:53:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/12/10 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AIM
[2010/12/10 22:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AOL
[2010/12/10 17:28:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\20101211_02
[2010/12/10 17:28:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\20101211_01
[2010/12/09 15:07:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/12/09 15:07:54 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/09 14:59:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus Stuffs
[2010/12/09 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Sunbelt Software
[2010/12/09 14:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/12/09 03:37:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESET
[2010/12/09 03:06:44 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-Aware90Install.exe
[2010/12/09 00:44:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2010/12/09 00:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/09 00:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/09 00:00:32 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2010/12/08 23:50:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JavaRa
[2010/12/08 01:13:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Takumi na Muchi] Choudenjihou no Sasoikata (Toaru Kagaku no Railgun) [ENG]
[2010/12/06 23:20:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/06 23:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/06 23:11:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/12/06 23:10:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/06 23:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/06 23:10:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/06 23:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/06 02:36:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ISPY(douzinsisyndrome.blog75.fc2.com)
[2010/12/06 02:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HYSPY(douzinsisyndrome.blog75.fc2.com)
[2010/12/05 23:52:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101204c
[2010/12/05 23:52:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C76) [Mix Fry (Takurou)] Azunya (K-ON!)
[2010/12/05 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[ARE (Kashi)] Ore no Gimai ga Azunyan no Wake ga nai Kan (K-ON!)
[2010/12/05 23:52:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101204d
[2010/12/05 03:01:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[club54] Konayuta Shiawaseron (Lucky Star)
[2010/12/03 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78) [PTD] wafukan (Little Busters!)
[2010/12/03 00:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\_Momoiro_Toiki_(Meramera_Jealousy)__Anemone_Syndrome_(ENG)__Masamune+Pagan_
[2010/12/01 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78) [Shadow Sorceress Communication Protocol (Hitenoneeryuu)] Sora no Omocha (Yosuga no Sora)
[2010/11/30 18:14:12 | 000,000,000 | ---D | C] -- C:\scsu_share
[2010/11/29 02:08:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(SC39) [TIMTIM MACHINE(Kazuma G-Version)] TIMTIM MACHINE 19 (Suzumiya Haruhi no Yuuutsu) [ENG]
[2010/11/29 02:08:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[TIMTIM MACHINE (Kazuma G-version)] TIMTIM MACHINE 21 (Suzumiya Haruhi no Yuuutsu [The Melancholy of Haruhi Suzumiya])
[2010/11/29 02:08:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[TIMTIM MACHINE] TIMTIM MACHINE 17 (Suzumiya Haruhi no Yuuutsu) [ENG]
[2010/11/28 19:23:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Neko wa Manma ga Utsukushii (Hisasi)] Ore no Imouto ga Kawaisugite Yabai (Ore no Imouto ga Konna ni Kawaii Wake ga nai) (English) =Team Vanilla=
[2010/11/28 19:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[おかしも] 俺の妹がこんなに不埒なわけがない!
[2010/11/27 23:22:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PASTEL WING (Kisaragi-MIC)] COSTUME PARFAIT DOLCE (Yoake Mae Yori Ruriiro na)
[2010/11/27 23:19:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\AKIHO
[2010/11/25 02:17:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Genshiken]
[2010/11/25 01:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2010/11/24 03:05:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PNO Group] Ilya with sera rizu bun hokanke ikaku!!!
[2010/11/24 03:05:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PNO Group] Motto! Ilya Bunhokan Keikaku
[2010/11/23 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Daitoutaku (Nabeshima Mike)] Ryoujoku Haruhi Juunisai EM (Suzumiya Haruhi no Yuuutsu)
[2010/11/22 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/21 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Games for Windows - LIVE Demos
[2010/11/21 19:59:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/11/21 19:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/11/20 01:29:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\SORT IMG
[2010/11/18 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(COMIC1☆4) [AiramatnaS (Santa Matsuri)] RAKU pe vol.01 (Copyshi) (Bakemonogatari)
[2010/11/15 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(Yuumei Sakura) [Kitsune to Budou (Kurona)] Minoranai Master Spark (Touhou Project)
[2010/11/14 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78)[Haruki Genia] Little Sister Fever Warning 2 (OreImo) (English) =Little White Butterflies=
[2010/11/14 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101113a
[2010/11/13 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Digital Lover] D.L. action 56 (俺の妹がこんなに可愛いわけがない)
[2010/11/13 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(COMIC1☆4) [うにに組] スイーツじゃないんだからね!! (迷い猫オーバーラン!)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/11 22:15:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/11 22:12:58 | 088,723,407 | ---- | M] () -- C:\Users\Owner\Desktop\McAfee for PC.exe
[2010/12/11 22:11:17 | 000,001,033 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 22:11:17 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/11 22:05:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 22:05:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 22:05:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 22:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/11 22:05:08 | 3219,066,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/11 20:51:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/11 20:47:59 | 000,001,146 | ---- | M] () -- C:\ProgramData\2642622203.dat
[2010/12/11 20:22:57 | 247,615,190 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/11 20:12:14 | 003,988,425 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/11 19:07:20 | 000,252,653 | ---- | M] () -- C:\Users\Owner\Desktop\f759963c5ffd6c3860fd7493013e8a8f.jpg
[2010/12/11 19:07:12 | 000,470,963 | ---- | M] () -- C:\Users\Owner\Desktop\799bb5ec7c6a32febc7957c1f96d52ce.jpg
[2010/12/11 19:02:46 | 000,062,070 | ---- | M] () -- C:\Users\Owner\Desktop\bdf1ef91abdf392e18551813f053225d.jpg
[2010/12/11 16:50:18 | 000,042,496 | ---- | M] () -- C:\Users\Owner\Desktop\mtg spending.xlr
[2010/12/11 16:50:18 | 000,015,980 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/12/11 00:44:55 | 000,031,390 | ---- | M] () -- C:\Users\Owner\Desktop\virus steps.odt
[2010/12/10 19:53:48 | 000,129,534 | ---- | M] () -- C:\Users\Owner\Desktop\139ee18aa91bfbb960e9730ec8114c92.jpg
[2010/12/10 19:52:34 | 000,356,681 | ---- | M] () -- C:\Users\Owner\Desktop\f19176b9ce82b5c4550cb32db931f84a.jpg
[2010/12/10 19:49:36 | 000,181,107 | ---- | M] () -- C:\Users\Owner\Desktop\sample-b17b6fad437b36173e2e785019032836.jpg
[2010/12/10 00:44:00 | 156,691,788 | ---- | M] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 02 [391BBFD9].mkv
[2010/12/10 00:09:54 | 000,136,388 | ---- | M] () -- C:\Users\Owner\Desktop\sample-61ee765e4d40a5f881b4e2d745acdd69.jpg
[2010/12/10 00:09:41 | 000,083,830 | ---- | M] () -- C:\Users\Owner\Desktop\7f0179c06ff846486d7be71d0d80a35a.jpg
[2010/12/10 00:09:30 | 000,049,151 | ---- | M] () -- C:\Users\Owner\Desktop\da85230ca6d37a94c4fe8d0bec931b83.jpg
[2010/12/10 00:09:13 | 000,073,945 | ---- | M] () -- C:\Users\Owner\Desktop\sample-dfac627f94904643cbfebe3ca451bd90.jpg
[2010/12/09 15:07:54 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/09 15:00:58 | 000,232,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/09 04:30:32 | 000,094,087 | ---- | M] () -- C:\Users\Owner\Desktop\fw12.pdf
[2010/12/09 03:59:29 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-Aware90Install.exe
[2010/12/09 02:53:39 | 000,493,638 | ---- | M] () -- C:\Users\Owner\Desktop\5489479666b3d5679511f86dcef7a460.jpg
[2010/12/09 02:53:30 | 000,126,768 | ---- | M] () -- C:\Users\Owner\Desktop\sample-3fb3f415d4380593cc868b4c88da531e.jpg
[2010/12/09 02:28:01 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2010/12/09 02:04:05 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\mlpdjnmm.exe
[2010/12/09 02:00:38 | 042,371,584 | ---- | M] () -- C:\Users\Owner\Desktop\eav_nt32_enu.msi
[2010/12/09 01:52:21 | 000,624,128 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/12/09 00:44:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2010/12/09 00:01:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2010/12/08 23:38:19 | 002,672,312 | ---- | M] () -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/12/08 23:34:27 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\mlbmi3qw.exe
[2010/12/06 23:10:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 20:30:33 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/12/06 19:10:10 | 019,208,499 | ---- | M] () -- C:\Users\Owner\Desktop\(COMITIA95) [Tetchan Hato] Erobanashiyo (Original).zip
[2010/12/06 14:43:50 | 008,053,127 | ---- | M] () -- C:\Users\Owner\Desktop\20101207-1-7.zip
[2010/12/05 20:08:21 | 196,086,145 | ---- | M] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 01.mkv
[2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/26 14:31:59 | 392,359,808 | ---- | M] () -- C:\Users\Owner\Desktop\(18禁アニメ) 鬼父2 下巻 「巨乳と天然と卑しと嫉み」 (704x396 DivX6.92).avi
[2010/11/14 22:01:45 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/14 22:01:45 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/11 22:11:27 | 088,723,407 | ---- | C] () -- C:\Users\Owner\Desktop\McAfee for PC.exe
[2010/12/11 22:11:17 | 000,001,033 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 22:11:17 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/11 22:05:08 | 3219,066,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/11 21:00:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/11 21:00:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/11 21:00:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/11 21:00:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/11 21:00:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/11 20:11:55 | 003,988,425 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/12/11 19:07:13 | 000,252,653 | ---- | C] () -- C:\Users\Owner\Desktop\f759963c5ffd6c3860fd7493013e8a8f.jpg
[2010/12/11 19:06:59 | 000,470,963 | ---- | C] () -- C:\Users\Owner\Desktop\799bb5ec7c6a32febc7957c1f96d52ce.jpg
[2010/12/11 19:02:33 | 000,062,070 | ---- | C] () -- C:\Users\Owner\Desktop\bdf1ef91abdf392e18551813f053225d.jpg
[2010/12/11 00:44:53 | 000,031,390 | ---- | C] () -- C:\Users\Owner\Desktop\virus steps.odt
[2010/12/10 19:53:48 | 000,129,534 | ---- | C] () -- C:\Users\Owner\Desktop\139ee18aa91bfbb960e9730ec8114c92.jpg
[2010/12/10 19:52:34 | 000,356,681 | ---- | C] () -- C:\Users\Owner\Desktop\f19176b9ce82b5c4550cb32db931f84a.jpg
[2010/12/10 19:49:32 | 000,181,107 | ---- | C] () -- C:\Users\Owner\Desktop\sample-b17b6fad437b36173e2e785019032836.jpg
[2010/12/10 00:34:37 | 156,691,788 | ---- | C] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 02 [391BBFD9].mkv
[2010/12/10 00:09:54 | 000,136,388 | ---- | C] () -- C:\Users\Owner\Desktop\sample-61ee765e4d40a5f881b4e2d745acdd69.jpg
[2010/12/10 00:09:40 | 000,083,830 | ---- | C] () -- C:\Users\Owner\Desktop\7f0179c06ff846486d7be71d0d80a35a.jpg
[2010/12/10 00:09:30 | 000,049,151 | ---- | C] () -- C:\Users\Owner\Desktop\da85230ca6d37a94c4fe8d0bec931b83.jpg
[2010/12/10 00:09:12 | 000,073,945 | ---- | C] () -- C:\Users\Owner\Desktop\sample-dfac627f94904643cbfebe3ca451bd90.jpg
[2010/12/09 04:30:16 | 000,094,087 | ---- | C] () -- C:\Users\Owner\Desktop\fw12.pdf
[2010/12/09 02:53:38 | 000,493,638 | ---- | C] () -- C:\Users\Owner\Desktop\5489479666b3d5679511f86dcef7a460.jpg
[2010/12/09 02:53:26 | 000,126,768 | ---- | C] () -- C:\Users\Owner\Desktop\sample-3fb3f415d4380593cc868b4c88da531e.jpg
[2010/12/09 02:04:02 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\mlpdjnmm.exe
[2010/12/09 01:52:14 | 000,624,128 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/12/09 01:49:41 | 042,371,584 | ---- | C] () -- C:\Users\Owner\Desktop\eav_nt32_enu.msi
[2010/12/08 23:38:05 | 002,672,312 | ---- | C] () -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/12/08 23:34:00 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\mlbmi3qw.exe
[2010/12/08 23:15:05 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/06 23:10:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 20:39:50 | 000,001,146 | ---- | C] () -- C:\ProgramData\2642622203.dat
[2010/12/06 19:09:30 | 019,208,499 | ---- | C] () -- C:\Users\Owner\Desktop\(COMITIA95) [Tetchan Hato] Erobanashiyo (Original).zip
[2010/12/06 14:43:29 | 008,053,127 | ---- | C] () -- C:\Users\Owner\Desktop\20101207-1-7.zip
[2010/12/05 20:04:14 | 196,086,145 | ---- | C] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 01.mkv
[2010/11/26 14:16:05 | 392,359,808 | ---- | C] () -- C:\Users\Owner\Desktop\(18禁アニメ) 鬼父2 下巻 「巨乳と天然と卑しと嫉み」 (704x396 DivX6.92).avi
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/12 17:46:28 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/19 03:45:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/19 03:03:13 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/04 17:01:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/21 23:12:20 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/01/05 14:22:04 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/03/27 12:07:32 | 000,015,980 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/03/21 12:08:48 | 000,232,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/25 15:44:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/25 08:26:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/02 16:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2008/03/21 13:53:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2010/01/26 09:10:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AICPA
[2010/12/10 00:34:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2008/03/30 15:41:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ContentGuard
[2009/09/14 23:48:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FFSJ
[2010/10/12 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fyak
[2010/11/13 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Goer
[2010/06/21 01:04:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2010/03/06 01:03:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/03/04 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2010/12/07 22:37:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ohibb
[2010/10/06 18:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ollil
[2009/03/06 20:49:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2009/01/05 14:22:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2009/07/31 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RenPy
[2008/03/27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/12/09 01:47:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/04/19 03:23:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizards of the Coast
[2010/12/11 20:51:32 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< End of report >

0

Extras.txt)

OTL Extras logfile created on: 12/11/2010 10:22:58 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 17.43 Gb Free Space | 6.16% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.06 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F916521-91B9-4C24-A0EA-BA4E64A90747}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{60EC33AE-3CBE-420B-9404-E1354B643FA5}" = lport=443 | protocol=6 | dir=in | name=https connections |
"{6464F9C5-F459-48FE-BA20-22EE73018F8A}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{64EC97CF-5699-4AE3-9A08-CCDC7124D065}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{71DF13FB-0C3C-4F1B-9062-185C7E820EF9}" = lport=7730 | protocol=6 | dir=in | name=mtgo |
"{788DF81A-F1B6-42B1-A9D4-5D56DDCC2D10}" = lport=5000 | protocol=17 | dir=in | name=lol game client |
"{887DE301-DB3F-4F51-BAA1-F7A78C949352}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{8B1CB0F5-3C0E-44CE-8E5E-D5C0E10EED26}" = lport=80 | protocol=6 | dir=in | name=http connections |
"{9BFE441F-2AC2-486D-A8F1-AB0A1B3405D1}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{A9A01A93-C5E5-4B8B-A3A3-3EBA3349EDC2}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{B350D3E5-7B2C-483E-BEF5-8D94965999B7}" = lport=5222 | protocol=6 | dir=in | name=pvp.net |
"{CA970C3D-D305-4DF0-8E88-8FADA25C4249}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{CD2246E0-89C0-4224-A40B-AB1146E8C05A}" = lport=7770 | protocol=6 | dir=in | name=mtgo |
"{DA0C937D-651D-4023-955B-83771BF4933F}" = lport=5223 | protocol=6 | dir=in | name=pvp.net |
"{DE9EF8D2-FDDD-49E1-ACBB-7383575D1561}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{E9375AFC-57FC-4C67-B23A-82711A412EFD}" = lport=2099 | protocol=6 | dir=in | name=pvp.net |
"{F97D0A64-549A-4A91-9D20-FC0A0C940073}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000BD31F-D117-48B4-95E6-7916315B42C2}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"{03F0DD1D-8862-4776-986D-4B2FC95F818E}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{090B3315-3B7B-4AA2-8CC9-8E78A0EF2E27}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{10923F06-E2CF-4B2E-B689-727BED17A8C2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{196312B3-FE24-47AB-B889-A1A5AE32D637}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{1964FF94-0E01-4F67-A6ED-4C2A87452FDB}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{2761A31E-9F82-4C9F-BF03-554E02F9B89A}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{2DDF1AA8-58DF-4E43-9589-04B216883036}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{33D2228E-A0CC-4562-ADDE-B4F794A75E2F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{36028EA9-57C6-43CF-8D84-2258EDC9F6A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{3CBA6C2B-16D7-4826-9A04-CCA139E19B8E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{409EADA8-B2C5-4029-9AF0-147CEA2721D4}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{4954BADE-55D2-4BDF-835E-71104BB385C0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher2.exe |
"{51685E9B-40D7-4E1C-A518-FE08AC52FDB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{55550A36-0CD2-4061-BFF2-FD57F20BFC2C}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcherx.exe |
"{5B92D465-A568-4935-B1FD-784CAC4089AC}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{5E39D867-2F00-4A60-9893-DA09EB82988B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{5F4D7AFA-CA98-408C-B47E-74AA091F0FDB}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{611E7CFF-46A5-45A6-AA05-B52DE4AA541B}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{6C72183E-F6B8-49E1-9C54-E32B4EB38F85}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{71F16200-BB89-4AFC-BB95-4F65E1F80B79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{72E6B8D0-18E8-4EFD-B3FE-29EDC91412BE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7676F402-F2F8-4149-9B15-E784808520D5}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher.exe |
"{7A034C6D-C4CA-440E-BC4A-5A1B02DE38C3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{8262B02C-2E22-4873-984D-11C494653D0B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher2.exe |
"{89BF21C7-B1AC-4BA3-968C-9B2DF906CEC7}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatchery.exe |
"{89F6F129-BFE6-4606-A42A-6C8C48FD65FE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{8DAA2403-43E7-49DD-8814-5A1E04D7ECCD}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{935B47AD-5A03-4CF1-B46E-469EF016B0E8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9376F3F0-7022-413D-8228-41E24F6E557C}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher.exe |
"{93FED72E-BDF2-424E-B45C-DF18B59A3965}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{9412E141-32B9-417B-A5A1-9E0DFAF9C601}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{958D8839-D8A6-413B-87A7-DDE14990EEE4}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{9AA214EF-BE32-4F05-AC5B-D2F755BDFC44}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"{9B199D2A-961C-4178-946B-E2208F668341}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v - demo\launcher.exe |
"{A4EB5F33-E4B5-411F-B498-4E65A3D2F5F1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{A82111C3-0B6B-4503-A363-10BE3117DE69}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{AF684C4E-6B45-4ECE-AC0C-C0FAB11A995E}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcherx.exe |
"{C09FE558-44C3-45C2-BF6A-E978D4DE37AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C188D3FA-EE49-44A1-B636-EF92819C6DBA}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{C995D9B4-CC64-466D-9AB2-27FD900A9A75}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{D406642A-EA82-465D-8395-AC7D0B02DAE2}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{D66AF9C6-AA53-486C-8E6F-3E3E0AC58BA8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D68FC3BC-91BC-4C8B-9292-AE382D0B98A0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E27580F7-C63B-43C8-9382-2E523A7B9D2A}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatchery.exe |
"{E8ABAB85-0936-4874-B646-DF0D50BF939E}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{F1AFEBC6-F29D-45E5-ADD3-66423D1C74F4}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{F5A9AE79-7A14-45F5-A178-F00D2A3B2D60}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{F8067007-9CA5-494E-A810-B74C5B1A9173}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FFA7D213-E665-47CB-B045-39BA27496658}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1CF9306C-F575-4D9C-81B4-210CA5945796}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{210B5BF8-C778-47DE-A9DC-CC2BE68C8D40}C:\users\owner\desktop\mbac\melty blood act cadenza ver b\mbcaster-beta-070912\exe\mbcaster.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\mbac\melty blood act cadenza ver b\mbcaster-beta-070912\exe\mbcaster.exe |
"TCP Query User{2BF773AE-74EF-485A-9B1B-49A0C0724C2F}C:\users\owner\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\mtgoiii_helper.exe |
"TCP Query User{2CE1A655-B429-42A3-B69B-D439E435DBB2}C:\program files\ecolesoftware\mbacwin\mbcaster.exe" = protocol=6 | dir=in | app=c:\program files\ecolesoftware\mbacwin\mbcaster.exe |
"TCP Query User{3F1EE0BB-82BC-4E74-898B-CFF328473865}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{42BB721E-30D9-4D47-A7DF-C66B0F9E8F37}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{49E76A18-3757-4F9A-9E5F-912EC599C1BB}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{4CCA369C-C0A4-4763-B2FE-239EE72352E2}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{4D8A6115-D2CA-43C6-97DD-8D9B9642F4EE}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{523A45F9-1283-4220-96D7-A27CF689BFBE}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{54B68878-6B28-4D35-BAD2-5CF2A93C367C}C:\users\owner\desktop\share!\share.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\share!\share.exe |
"TCP Query User{57300F69-CEFC-42E0-AA8E-808D78A8F02A}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{5795D022-718A-4341-9CC2-BC1F27A0E122}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5F64DD41-60A6-41D4-81A2-9124CF43392E}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{6064F1BB-7981-41DA-89F7-C76870E92BA7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{66D335EA-CB40-40AF-85F1-BC15281296F2}C:\program files\ecolesoftware\mbacwin\mbcaster.exe" = protocol=6 | dir=in | app=c:\program files\ecolesoftware\mbacwin\mbcaster.exe |
"TCP Query User{68163A3B-47BC-4AD1-87EE-EA8A0B12762D}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{6DA61110-A2EE-4D78-AF6B-0FE1F0672D48}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{83FA1098-B5EB-4022-A300-8E08D07E523B}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{8481ECCF-CFCB-4F1D-B224-8963898CB5EA}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{88D517D1-9AE1-47FF-889E-B5815881E003}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{9096CA0B-2203-4772-8815-AB98D2B06A39}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{B2814DCB-D45E-408F-8BE1-5D0F187C2F96}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{B9015E4B-F843-40CF-9BFC-617E0CC52FC1}C:\users\owner\pictures\doujins 7\share!\share.exe" = protocol=6 | dir=in | app=c:\users\owner\pictures\doujins 7\share!\share.exe |
"TCP Query User{B91594E6-B09A-424B-A9F4-87320555A199}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{CA9AC381-5CB8-4666-A406-97AD4434B9BF}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{D631510F-7078-4CAE-91E1-4C3314B714B2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1098137E-6F85-4104-BDAB-3A758EB578F9}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{166BA005-07DB-404A-80CA-F27C0502458E}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{28CB4507-9922-44D7-80BC-39F22667AAAD}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{321C6D1C-D88E-474C-8FA3-53359FE75049}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{375F5B95-0E45-4DC1-9496-A7AF15C465DA}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{41BBCAC0-3BA9-43F7-94D1-EA13188AD339}C:\program files\ecolesoftware\mbacwin\mbcaster.exe" = protocol=17 | dir=in | app=c:\program files\ecolesoftware\mbacwin\mbcaster.exe |
"UDP Query User{4AE6E381-43F4-483A-A744-38B4DD731C58}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5C3C5F2C-DBF5-43B2-B7EC-9D5EAAD2D174}C:\users\owner\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\mtgoiii_helper.exe |
"UDP Query User{6168CE80-195A-43EB-B2A6-2F3F52E20E3E}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{63533A57-2DA3-4A8C-A04B-90ED90F0C351}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{64545782-F496-48AE-8D7A-9CEA109B2F7F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{6D553F05-4EC6-4498-B823-939A88CA6BC9}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{73EFA2EC-676D-4F76-9C82-2DE99B2BCA60}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{7E4A29D6-AD3E-4AF3-8145-88040F35E1FD}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{82A324AF-821B-4305-AC7A-7E87EF8E1A88}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8877778F-C4FB-4407-B083-FDE21B27A220}C:\users\owner\desktop\share!\share.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\share!\share.exe |
"UDP Query User{8AB5F00E-B013-4608-A345-BA1D7C4C980E}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{8EAA2B11-C028-42E4-9FA8-1A1554089513}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{ACC2BD1B-F2FE-4D5D-926F-20F2FF3B7312}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{AFCDD221-F150-4EA2-A5D4-5BBA47181A71}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C7376A74-6998-4DEA-9434-FE0E1092A7C8}C:\program files\ecolesoftware\mbacwin\mbcaster.exe" = protocol=17 | dir=in | app=c:\program files\ecolesoftware\mbacwin\mbcaster.exe |
"UDP Query User{CB1912F1-D6BF-4EA7-A4C3-205C964FAFC7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CBDD9E72-3BCE-41CC-BC62-BD53A0EB3BB1}C:\users\owner\pictures\doujins 7\share!\share.exe" = protocol=17 | dir=in | app=c:\users\owner\pictures\doujins 7\share!\share.exe |
"UDP Query User{D83C6B31-41FF-4A37-A848-5BED34E43FF6}C:\users\owner\desktop\mbac\melty blood act cadenza ver b\mbcaster-beta-070912\exe\mbcaster.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\mbac\melty blood act cadenza ver b\mbcaster-beta-070912\exe\mbcaster.exe |
"UDP Query User{DD7406D9-4734-43E1-98D5-7F37B587C4BB}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{F322224B-4B7E-466E-A910-D121EED585A9}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{FD0B5373-C0D3-4024-90BC-8145F097547D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese
"{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese
"{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian
"{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian
"{190297F8-14EC-4ECA-BFAC-72843DBFB382}" = Microsoft SharedView
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese
"{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel(R) Viiv(TM) Software
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian
"{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian
"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish
"{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D973AE1D-ACB1-2C54-92FE-A29E2A7482C0}" = CCC Help Thai
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0EFA6E0-2A18-A83B-34EA-8435EFEE1285}" = CCC Help Korean
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5232150-5F44-4B21-9281-3869C7791B1E}" = SampleTestInstall
"{E53C563F-1157-20B2-1276-755A22E814D2}" = Catalyst Control Center Localization Chinese Standard
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6B8797E-923E-4902-9698-62937FE80FAB}" = CCC Help Chinese Traditional
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"“Œ•û•—_˜^_is1" = “Œ•û•—_˜^ ver 1.00a
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Bodog Poker_is1" = Bodog Poker
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.2)
"FLV Player" = FLV Player 2.0, build 24
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"IsoBuster_is1" = IsoBuster 2.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MBACWIN" = MELTY BLOOD Act Cadenza Ver.B WindowsӁ
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"PokerStars" = PokerStars
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 8930" = Sid Meier's Civilization V
"Suited_Pockets Toolbar" = Suited_Pockets Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.4
"Warcraft III" = Warcraft III
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/18/2010 5:27:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/19/2010 4:40:23 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 12/11/2010 9:54:02 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 12/11/2010 9:54:03 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 12/11/2010 9:54:11 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/11/2010 10:14:17 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/11/2010 10:44:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/11/2010 10:58:37 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/11/2010 10:58:37 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/11/2010 10:59:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/11/2010 10:59:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/11/2010 11:12:45 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >

0

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
0

OTL run fix Log)

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Owner
->Flash cache emptied: 349820 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 3001314 bytes
->Temporary Internet Files folder emptied: 1452842992 bytes
->Java cache emptied: 3165324 bytes
->FireFox cache emptied: 105554865 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 16767492 bytes

Total Files Cleaned = 1,508.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12112010_234435

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GOQO81TO\acCAEEDR6N.htm moved successfully.
File move failed. C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

0

OTL Quick Scan)

OTL logfile created on: 12/12/2010 12:04:53 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 17.06 Gb Free Space | 6.03% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.06 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/19 15:49:16 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/19 15:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/04/29 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/09/12 03:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/23 15:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/17 12:54:17 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/01/25 08:28:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/25 08:25:56 | 001,838,592 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel(R)
SRV - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2007/06/27 10:15:40 | 000,036,056 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/06/27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel(R)
SRV - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel(R)
SRV - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/29 20:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/29 20:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/29 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/29 20:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/29 20:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/03/27 14:32:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/25 15:43:58 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/25 15:43:58 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/25 15:43:58 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/25 08:22:34 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/09/12 03:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.animesuki.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 22:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 21:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/07/19 15:50:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/07/19 15:51:36 | 000,000,000 | ---D | M]

[2009/12/29 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/12/11 00:26:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions
[2010/07/22 11:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/06 20:04:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/11 13:18:45 | 000,002,343 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\searchplugins\aol-search.xml
[2010/12/11 23:34:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/02 12:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/11 23:34:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/12/11 23:34:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/11 23:55:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 23:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 23:44:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/11 23:32:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/11 22:17:13 | 000,065,224 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/12/11 22:17:10 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/12/11 22:17:05 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/12/11 22:17:00 | 000,091,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/12/11 22:16:57 | 000,063,696 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2010/12/11 22:16:54 | 000,342,128 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/12/11 22:16:51 | 000,070,216 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2010/12/11 22:15:09 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/12/11 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/12/11 22:11:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/11 22:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/11 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/11 21:58:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/11 21:03:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/11 21:01:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/11 21:00:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/11 21:00:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/11 21:00:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/11 20:59:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/11 20:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/11 20:11:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/11 03:53:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/12/10 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AIM
[2010/12/10 22:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AOL
[2010/12/10 17:28:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\20101211_02
[2010/12/10 17:28:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\20101211_01
[2010/12/09 15:07:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/12/09 15:07:54 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/09 14:59:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus Stuffs
[2010/12/09 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Sunbelt Software
[2010/12/09 14:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/12/09 03:37:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESET
[2010/12/09 03:06:44 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-Aware90Install.exe
[2010/12/09 00:44:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2010/12/09 00:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/09 00:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/09 00:00:32 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2010/12/08 23:50:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JavaRa
[2010/12/08 01:13:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Takumi na Muchi] Choudenjihou no Sasoikata (Toaru Kagaku no Railgun) [ENG]
[2010/12/06 23:20:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/06 23:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/06 23:11:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/12/06 23:10:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/06 23:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/06 23:10:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/06 23:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/06 02:36:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ISPY(douzinsisyndrome.blog75.fc2.com)
[2010/12/06 02:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HYSPY(douzinsisyndrome.blog75.fc2.com)
[2010/12/05 23:52:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101204c
[2010/12/05 23:52:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C76) [Mix Fry (Takurou)] Azunya (K-ON!)
[2010/12/05 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[ARE (Kashi)] Ore no Gimai ga Azunyan no Wake ga nai Kan (K-ON!)
[2010/12/05 23:52:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101204d
[2010/12/05 03:01:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[club54] Konayuta Shiawaseron (Lucky Star)
[2010/12/03 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78) [PTD] wafukan (Little Busters!)
[2010/12/03 00:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\_Momoiro_Toiki_(Meramera_Jealousy)__Anemone_Syndrome_(ENG)__Masamune+Pagan_
[2010/12/01 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78) [Shadow Sorceress Communication Protocol (Hitenoneeryuu)] Sora no Omocha (Yosuga no Sora)
[2010/11/30 18:14:12 | 000,000,000 | ---D | C] -- C:\scsu_share
[2010/11/29 02:08:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(SC39) [TIMTIM MACHINE(Kazuma G-Version)] TIMTIM MACHINE 19 (Suzumiya Haruhi no Yuuutsu) [ENG]
[2010/11/29 02:08:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[TIMTIM MACHINE (Kazuma G-version)] TIMTIM MACHINE 21 (Suzumiya Haruhi no Yuuutsu [The Melancholy of Haruhi Suzumiya])
[2010/11/29 02:08:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[TIMTIM MACHINE] TIMTIM MACHINE 17 (Suzumiya Haruhi no Yuuutsu) [ENG]
[2010/11/28 19:23:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Neko wa Manma ga Utsukushii (Hisasi)] Ore no Imouto ga Kawaisugite Yabai (Ore no Imouto ga Konna ni Kawaii Wake ga nai) (English) =Team Vanilla=
[2010/11/28 19:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[おかしも] 俺の妹がこんなに不埒なわけがない!
[2010/11/27 23:22:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PASTEL WING (Kisaragi-MIC)] COSTUME PARFAIT DOLCE (Yoake Mae Yori Ruriiro na)
[2010/11/27 23:19:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\AKIHO
[2010/11/25 02:17:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Genshiken]
[2010/11/25 01:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2010/11/24 03:05:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PNO Group] Ilya with sera rizu bun hokanke ikaku!!!
[2010/11/24 03:05:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PNO Group] Motto! Ilya Bunhokan Keikaku
[2010/11/23 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Daitoutaku (Nabeshima Mike)] Ryoujoku Haruhi Juunisai EM (Suzumiya Haruhi no Yuuutsu)
[2010/11/22 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/21 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Games for Windows - LIVE Demos
[2010/11/21 19:59:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/11/21 19:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/11/20 01:29:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\SORT IMG
[2010/11/18 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(COMIC1☆4) [AiramatnaS (Santa Matsuri)] RAKU pe vol.01 (Copyshi) (Bakemonogatari)
[2010/11/15 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(Yuumei Sakura) [Kitsune to Budou (Kurona)] Minoranai Master Spark (Touhou Project)
[2010/11/14 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78)[Haruki Genia] Little Sister Fever Warning 2 (OreImo) (English) =Little White Butterflies=
[2010/11/14 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101113a
[2010/11/13 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Digital Lover] D.L. action 56 (俺の妹がこんなに可愛いわけがない)
[2010/11/13 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(COMIC1☆4) [うにに組] スイーツじゃないんだからね!! (迷い猫オーバーラン!)

========== Files - Modified Within 30 Days ==========

[2010/12/11 23:56:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 23:56:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 23:56:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 23:56:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/11 23:56:15 | 3216,977,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/11 23:55:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/11 23:55:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/11 23:15:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/11 22:12:58 | 088,723,407 | ---- | M] () -- C:\Users\Owner\Desktop\McAfee for PC.exe
[2010/12/11 22:11:17 | 000,001,033 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 22:11:17 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/11 20:47:59 | 000,001,146 | ---- | M] () -- C:\ProgramData\2642622203.dat
[2010/12/11 20:22:57 | 247,615,190 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/11 20:12:14 | 003,988,425 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/11 19:07:20 | 000,252,653 | ---- | M] () -- C:\Users\Owner\Desktop\f759963c5ffd6c3860fd7493013e8a8f.jpg
[2010/12/11 19:07:12 | 000,470,963 | ---- | M] () -- C:\Users\Owner\Desktop\799bb5ec7c6a32febc7957c1f96d52ce.jpg
[2010/12/11 19:02:46 | 000,062,070 | ---- | M] () -- C:\Users\Owner\Desktop\bdf1ef91abdf392e18551813f053225d.jpg
[2010/12/11 16:50:18 | 000,042,496 | ---- | M] () -- C:\Users\Owner\Desktop\mtg spending.xlr
[2010/12/11 16:50:18 | 000,015,980 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/12/11 00:44:55 | 000,031,390 | ---- | M] () -- C:\Users\Owner\Desktop\virus steps.odt
[2010/12/10 19:53:48 | 000,129,534 | ---- | M] () -- C:\Users\Owner\Desktop\139ee18aa91bfbb960e9730ec8114c92.jpg
[2010/12/10 19:52:34 | 000,356,681 | ---- | M] () -- C:\Users\Owner\Desktop\f19176b9ce82b5c4550cb32db931f84a.jpg
[2010/12/10 19:49:36 | 000,181,107 | ---- | M] () -- C:\Users\Owner\Desktop\sample-b17b6fad437b36173e2e785019032836.jpg
[2010/12/10 00:44:00 | 156,691,788 | ---- | M] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 02 [391BBFD9].mkv
[2010/12/10 00:09:54 | 000,136,388 | ---- | M] () -- C:\Users\Owner\Desktop\sample-61ee765e4d40a5f881b4e2d745acdd69.jpg
[2010/12/10 00:09:41 | 000,083,830 | ---- | M] () -- C:\Users\Owner\Desktop\7f0179c06ff846486d7be71d0d80a35a.jpg
[2010/12/10 00:09:30 | 000,049,151 | ---- | M] () -- C:\Users\Owner\Desktop\da85230ca6d37a94c4fe8d0bec931b83.jpg
[2010/12/10 00:09:13 | 000,073,945 | ---- | M] () -- C:\Users\Owner\Desktop\sample-dfac627f94904643cbfebe3ca451bd90.jpg
[2010/12/09 15:07:54 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/09 15:00:58 | 000,232,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/09 04:30:32 | 000,094,087 | ---- | M] () -- C:\Users\Owner\Desktop\fw12.pdf
[2010/12/09 03:59:29 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-Aware90Install.exe
[2010/12/09 02:53:39 | 000,493,638 | ---- | M] () -- C:\Users\Owner\Desktop\5489479666b3d5679511f86dcef7a460.jpg
[2010/12/09 02:53:30 | 000,126,768 | ---- | M] () -- C:\Users\Owner\Desktop\sample-3fb3f415d4380593cc868b4c88da531e.jpg
[2010/12/09 02:04:05 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\mlpdjnmm.exe
[2010/12/09 02:00:38 | 042,371,584 | ---- | M] () -- C:\Users\Owner\Desktop\eav_nt32_enu.msi
[2010/12/09 01:52:21 | 000,624,128 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/12/09 00:44:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2010/12/09 00:01:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2010/12/08 23:38:19 | 002,672,312 | ---- | M] () -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/12/08 23:34:27 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\mlbmi3qw.exe
[2010/12/06 23:10:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 20:30:33 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/12/06 19:10:10 | 019,208,499 | ---- | M] () -- C:\Users\Owner\Desktop\(COMITIA95) [Tetchan Hato] Erobanashiyo (Original).zip
[2010/12/06 14:43:50 | 008,053,127 | ---- | M] () -- C:\Users\Owner\Desktop\20101207-1-7.zip
[2010/12/05 20:08:21 | 196,086,145 | ---- | M] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 01.mkv
[2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/26 14:31:59 | 392,359,808 | ---- | M] () -- C:\Users\Owner\Desktop\(18禁アニメ) 鬼父2 下巻 「巨乳と天然と卑しと嫉み」 (704x396 DivX6.92).avi
[2010/11/14 22:01:45 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/14 22:01:45 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/12/11 22:11:27 | 088,723,407 | ---- | C] () -- C:\Users\Owner\Desktop\McAfee for PC.exe
[2010/12/11 22:11:17 | 000,001,033 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 22:11:17 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/11 22:05:08 | 3216,977,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/11 21:00:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/11 21:00:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/11 21:00:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/11 21:00:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/11 21:00:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/11 20:11:55 | 003,988,425 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/12/11 19:07:13 | 000,252,653 | ---- | C] () -- C:\Users\Owner\Desktop\f759963c5ffd6c3860fd7493013e8a8f.jpg
[2010/12/11 19:06:59 | 000,470,963 | ---- | C] () -- C:\Users\Owner\Desktop\799bb5ec7c6a32febc7957c1f96d52ce.jpg
[2010/12/11 19:02:33 | 000,062,070 | ---- | C] () -- C:\Users\Owner\Desktop\bdf1ef91abdf392e18551813f053225d.jpg
[2010/12/11 00:44:53 | 000,031,390 | ---- | C] () -- C:\Users\Owner\Desktop\virus steps.odt
[2010/12/10 19:53:48 | 000,129,534 | ---- | C] () -- C:\Users\Owner\Desktop\139ee18aa91bfbb960e9730ec8114c92.jpg
[2010/12/10 19:52:34 | 000,356,681 | ---- | C] () -- C:\Users\Owner\Desktop\f19176b9ce82b5c4550cb32db931f84a.jpg
[2010/12/10 19:49:32 | 000,181,107 | ---- | C] () -- C:\Users\Owner\Desktop\sample-b17b6fad437b36173e2e785019032836.jpg
[2010/12/10 00:34:37 | 156,691,788 | ---- | C] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 02 [391BBFD9].mkv
[2010/12/10 00:09:54 | 000,136,388 | ---- | C] () -- C:\Users\Owner\Desktop\sample-61ee765e4d40a5f881b4e2d745acdd69.jpg
[2010/12/10 00:09:40 | 000,083,830 | ---- | C] () -- C:\Users\Owner\Desktop\7f0179c06ff846486d7be71d0d80a35a.jpg
[2010/12/10 00:09:30 | 000,049,151 | ---- | C] () -- C:\Users\Owner\Desktop\da85230ca6d37a94c4fe8d0bec931b83.jpg
[2010/12/10 00:09:12 | 000,073,945 | ---- | C] () -- C:\Users\Owner\Desktop\sample-dfac627f94904643cbfebe3ca451bd90.jpg
[2010/12/09 04:30:16 | 000,094,087 | ---- | C] () -- C:\Users\Owner\Desktop\fw12.pdf
[2010/12/09 02:53:38 | 000,493,638 | ---- | C] () -- C:\Users\Owner\Desktop\5489479666b3d5679511f86dcef7a460.jpg
[2010/12/09 02:53:26 | 000,126,768 | ---- | C] () -- C:\Users\Owner\Desktop\sample-3fb3f415d4380593cc868b4c88da531e.jpg
[2010/12/09 02:04:02 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\mlpdjnmm.exe
[2010/12/09 01:52:14 | 000,624,128 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/12/09 01:49:41 | 042,371,584 | ---- | C] () -- C:\Users\Owner\Desktop\eav_nt32_enu.msi
[2010/12/08 23:38:05 | 002,672,312 | ---- | C] () -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/12/08 23:34:00 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\mlbmi3qw.exe
[2010/12/08 23:15:05 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/06 23:10:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 20:39:50 | 000,001,146 | ---- | C] () -- C:\ProgramData\2642622203.dat
[2010/12/06 19:09:30 | 019,208,499 | ---- | C] () -- C:\Users\Owner\Desktop\(COMITIA95) [Tetchan Hato] Erobanashiyo (Original).zip
[2010/12/06 14:43:29 | 008,053,127 | ---- | C] () -- C:\Users\Owner\Desktop\20101207-1-7.zip
[2010/12/05 20:04:14 | 196,086,145 | ---- | C] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 01.mkv
[2010/11/26 14:16:05 | 392,359,808 | ---- | C] () -- C:\Users\Owner\Desktop\(18禁アニメ) 鬼父2 下巻 「巨乳と天然と卑しと嫉み」 (704x396 DivX6.92).avi
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/12 17:46:28 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/19 03:45:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/19 03:03:13 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/04 17:01:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/21 23:12:20 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/01/05 14:22:04 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/03/27 12:07:32 | 000,015,980 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/03/21 12:08:48 | 000,232,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/25 15:44:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/25 08:26:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/02 16:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2008/03/21 13:53:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2010/01/26 09:10:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AICPA
[2010/12/10 00:34:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2008/03/30 15:41:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ContentGuard
[2009/09/14 23:48:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FFSJ
[2010/10/12 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fyak
[2010/11/13 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Goer
[2010/06/21 01:04:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2010/03/06 01:03:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/03/04 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2010/12/07 22:37:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ohibb
[2010/10/06 18:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ollil
[2009/03/06 20:49:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2009/01/05 14:22:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2009/07/31 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RenPy
[2008/03/27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/12/09 01:47:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/04/19 03:23:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizards of the Coast
[2010/12/11 23:55:27 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

0

OTL Quick Scan)

OTL logfile created on: 12/12/2010 12:04:53 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 17.06 Gb Free Space | 6.03% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.06 Gb Free Space | 33.75% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/19 15:49:16 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/19 15:54:07 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/04/29 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/09/12 03:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/23 15:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/17 12:54:17 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/01/25 08:28:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/25 08:25:56 | 001,838,592 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 03:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2007/06/27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel(R)
SRV - [2007/06/27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2007/06/27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2007/06/27 10:15:40 | 000,036,056 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/06/27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel(R)
SRV - [2007/06/27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2007/06/27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel(R)
SRV - [2007/06/27 10:13:56 | 000,268,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 11:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/29 20:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/29 20:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/29 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/29 20:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/29 20:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/03/27 14:32:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/25 15:43:58 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/25 15:43:58 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/25 15:43:58 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/25 08:22:34 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/09/12 03:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/08/20 00:08:08 | 002,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.animesuki.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=11-05-2010&tb_mrud=11-05-2010&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 22:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 21:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/07/19 15:50:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/07/19 15:51:36 | 000,000,000 | ---D | M]

[2009/12/29 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/12/11 00:26:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions
[2010/07/22 11:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/06 20:04:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/11 13:18:45 | 000,002,343 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s13smqux.default\searchplugins\aol-search.xml
[2010/12/11 23:34:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/02 12:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/11 23:34:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/12/11 23:34:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/11 23:55:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/24 23:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 23:44:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/11 23:32:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/11 22:17:13 | 000,065,224 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/12/11 22:17:10 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/12/11 22:17:05 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/12/11 22:17:00 | 000,091,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/12/11 22:16:57 | 000,063,696 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2010/12/11 22:16:54 | 000,342,128 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/12/11 22:16:51 | 000,070,216 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2010/12/11 22:15:09 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/12/11 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/12/11 22:11:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/11 22:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/11 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/11 21:58:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/11 21:03:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/11 21:01:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/11 21:00:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/11 21:00:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/11 21:00:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/11 20:59:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/11 20:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/11 20:11:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/11 03:53:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/12/10 22:48:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AIM
[2010/12/10 22:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AOL
[2010/12/10 17:28:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\20101211_02
[2010/12/10 17:28:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\20101211_01
[2010/12/09 15:07:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/12/09 15:07:54 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/09 14:59:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus Stuffs
[2010/12/09 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Sunbelt Software
[2010/12/09 14:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/12/09 03:37:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESET
[2010/12/09 03:06:44 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-Aware90Install.exe
[2010/12/09 00:44:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2010/12/09 00:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/09 00:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/09 00:00:32 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2010/12/08 23:50:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JavaRa
[2010/12/08 01:13:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Takumi na Muchi] Choudenjihou no Sasoikata (Toaru Kagaku no Railgun) [ENG]
[2010/12/06 23:20:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/06 23:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/06 23:11:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/12/06 23:10:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/06 23:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/06 23:10:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/06 23:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/06 02:36:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ISPY(douzinsisyndrome.blog75.fc2.com)
[2010/12/06 02:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HYSPY(douzinsisyndrome.blog75.fc2.com)
[2010/12/05 23:52:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101204c
[2010/12/05 23:52:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C76) [Mix Fry (Takurou)] Azunya (K-ON!)
[2010/12/05 23:52:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[ARE (Kashi)] Ore no Gimai ga Azunyan no Wake ga nai Kan (K-ON!)
[2010/12/05 23:52:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101204d
[2010/12/05 03:01:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[club54] Konayuta Shiawaseron (Lucky Star)
[2010/12/03 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78) [PTD] wafukan (Little Busters!)
[2010/12/03 00:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\_Momoiro_Toiki_(Meramera_Jealousy)__Anemone_Syndrome_(ENG)__Masamune+Pagan_
[2010/12/01 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78) [Shadow Sorceress Communication Protocol (Hitenoneeryuu)] Sora no Omocha (Yosuga no Sora)
[2010/11/30 18:14:12 | 000,000,000 | ---D | C] -- C:\scsu_share
[2010/11/29 02:08:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(SC39) [TIMTIM MACHINE(Kazuma G-Version)] TIMTIM MACHINE 19 (Suzumiya Haruhi no Yuuutsu) [ENG]
[2010/11/29 02:08:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[TIMTIM MACHINE (Kazuma G-version)] TIMTIM MACHINE 21 (Suzumiya Haruhi no Yuuutsu [The Melancholy of Haruhi Suzumiya])
[2010/11/29 02:08:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[TIMTIM MACHINE] TIMTIM MACHINE 17 (Suzumiya Haruhi no Yuuutsu) [ENG]
[2010/11/28 19:23:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Neko wa Manma ga Utsukushii (Hisasi)] Ore no Imouto ga Kawaisugite Yabai (Ore no Imouto ga Konna ni Kawaii Wake ga nai) (English) =Team Vanilla=
[2010/11/28 19:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[おかしも] 俺の妹がこんなに不埒なわけがない!
[2010/11/27 23:22:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PASTEL WING (Kisaragi-MIC)] COSTUME PARFAIT DOLCE (Yoake Mae Yori Ruriiro na)
[2010/11/27 23:19:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\AKIHO
[2010/11/25 02:17:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Genshiken]
[2010/11/25 01:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2010/11/24 03:05:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PNO Group] Ilya with sera rizu bun hokanke ikaku!!!
[2010/11/24 03:05:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[PNO Group] Motto! Ilya Bunhokan Keikaku
[2010/11/23 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Daitoutaku (Nabeshima Mike)] Ryoujoku Haruhi Juunisai EM (Suzumiya Haruhi no Yuuutsu)
[2010/11/22 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/21 21:03:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Games for Windows - LIVE Demos
[2010/11/21 19:59:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/11/21 19:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/11/20 01:29:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\SORT IMG
[2010/11/18 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(COMIC1☆4) [AiramatnaS (Santa Matsuri)] RAKU pe vol.01 (Copyshi) (Bakemonogatari)
[2010/11/15 01:45:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(Yuumei Sakura) [Kitsune to Budou (Kurona)] Minoranai Master Spark (Touhou Project)
[2010/11/14 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(C78)[Haruki Genia] Little Sister Fever Warning 2 (OreImo) (English) =Little White Butterflies=
[2010/11/14 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\101113a
[2010/11/13 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[Digital Lover] D.L. action 56 (俺の妹がこんなに可愛いわけがない)
[2010/11/13 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\(COMIC1☆4) [うにに組] スイーツじゃないんだからね!! (迷い猫オーバーラン!)

========== Files - Modified Within 30 Days ==========

[2010/12/11 23:56:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 23:56:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 23:56:22 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 23:56:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/11 23:56:15 | 3216,977,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/11 23:55:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/11 23:55:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/11 23:15:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/11 22:12:58 | 088,723,407 | ---- | M] () -- C:\Users\Owner\Desktop\McAfee for PC.exe
[2010/12/11 22:11:17 | 000,001,033 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 22:11:17 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/11 20:47:59 | 000,001,146 | ---- | M] () -- C:\ProgramData\2642622203.dat
[2010/12/11 20:22:57 | 247,615,190 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/11 20:12:14 | 003,988,425 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/12/11 20:11:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/12/11 19:07:20 | 000,252,653 | ---- | M] () -- C:\Users\Owner\Desktop\f759963c5ffd6c3860fd7493013e8a8f.jpg
[2010/12/11 19:07:12 | 000,470,963 | ---- | M] () -- C:\Users\Owner\Desktop\799bb5ec7c6a32febc7957c1f96d52ce.jpg
[2010/12/11 19:02:46 | 000,062,070 | ---- | M] () -- C:\Users\Owner\Desktop\bdf1ef91abdf392e18551813f053225d.jpg
[2010/12/11 16:50:18 | 000,042,496 | ---- | M] () -- C:\Users\Owner\Desktop\mtg spending.xlr
[2010/12/11 16:50:18 | 000,015,980 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/12/11 00:44:55 | 000,031,390 | ---- | M] () -- C:\Users\Owner\Desktop\virus steps.odt
[2010/12/10 19:53:48 | 000,129,534 | ---- | M] () -- C:\Users\Owner\Desktop\139ee18aa91bfbb960e9730ec8114c92.jpg
[2010/12/10 19:52:34 | 000,356,681 | ---- | M] () -- C:\Users\Owner\Desktop\f19176b9ce82b5c4550cb32db931f84a.jpg
[2010/12/10 19:49:36 | 000,181,107 | ---- | M] () -- C:\Users\Owner\Desktop\sample-b17b6fad437b36173e2e785019032836.jpg
[2010/12/10 00:44:00 | 156,691,788 | ---- | M] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 02 [391BBFD9].mkv
[2010/12/10 00:09:54 | 000,136,388 | ---- | M] () -- C:\Users\Owner\Desktop\sample-61ee765e4d40a5f881b4e2d745acdd69.jpg
[2010/12/10 00:09:41 | 000,083,830 | ---- | M] () -- C:\Users\Owner\Desktop\7f0179c06ff846486d7be71d0d80a35a.jpg
[2010/12/10 00:09:30 | 000,049,151 | ---- | M] () -- C:\Users\Owner\Desktop\da85230ca6d37a94c4fe8d0bec931b83.jpg
[2010/12/10 00:09:13 | 000,073,945 | ---- | M] () -- C:\Users\Owner\Desktop\sample-dfac627f94904643cbfebe3ca451bd90.jpg
[2010/12/09 15:07:54 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/09 15:00:58 | 000,232,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/09 04:30:32 | 000,094,087 | ---- | M] () -- C:\Users\Owner\Desktop\fw12.pdf
[2010/12/09 03:59:29 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-Aware90Install.exe
[2010/12/09 02:53:39 | 000,493,638 | ---- | M] () -- C:\Users\Owner\Desktop\5489479666b3d5679511f86dcef7a460.jpg
[2010/12/09 02:53:30 | 000,126,768 | ---- | M] () -- C:\Users\Owner\Desktop\sample-3fb3f415d4380593cc868b4c88da531e.jpg
[2010/12/09 02:04:05 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\mlpdjnmm.exe
[2010/12/09 02:00:38 | 042,371,584 | ---- | M] () -- C:\Users\Owner\Desktop\eav_nt32_enu.msi
[2010/12/09 01:52:21 | 000,624,128 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/12/09 00:44:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2010/12/09 00:01:18 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2010/12/08 23:38:19 | 002,672,312 | ---- | M] () -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/12/08 23:34:27 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\mlbmi3qw.exe
[2010/12/06 23:10:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 20:30:33 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/12/06 19:10:10 | 019,208,499 | ---- | M] () -- C:\Users\Owner\Desktop\(COMITIA95) [Tetchan Hato] Erobanashiyo (Original).zip
[2010/12/06 14:43:50 | 008,053,127 | ---- | M] () -- C:\Users\Owner\Desktop\20101207-1-7.zip
[2010/12/05 20:08:21 | 196,086,145 | ---- | M] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 01.mkv
[2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/26 14:31:59 | 392,359,808 | ---- | M] () -- C:\Users\Owner\Desktop\(18禁アニメ) 鬼父2 下巻 「巨乳と天然と卑しと嫉み」 (704x396 DivX6.92).avi
[2010/11/14 22:01:45 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/14 22:01:45 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/12/11 22:11:27 | 088,723,407 | ---- | C] () -- C:\Users\Owner\Desktop\McAfee for PC.exe
[2010/12/11 22:11:17 | 000,001,033 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 22:11:17 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/11 22:05:08 | 3216,977,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/11 21:00:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/11 21:00:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/11 21:00:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/11 21:00:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/11 21:00:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/11 20:11:55 | 003,988,425 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/12/11 19:07:13 | 000,252,653 | ---- | C] () -- C:\Users\Owner\Desktop\f759963c5ffd6c3860fd7493013e8a8f.jpg
[2010/12/11 19:06:59 | 000,470,963 | ---- | C] () -- C:\Users\Owner\Desktop\799bb5ec7c6a32febc7957c1f96d52ce.jpg
[2010/12/11 19:02:33 | 000,062,070 | ---- | C] () -- C:\Users\Owner\Desktop\bdf1ef91abdf392e18551813f053225d.jpg
[2010/12/11 00:44:53 | 000,031,390 | ---- | C] () -- C:\Users\Owner\Desktop\virus steps.odt
[2010/12/10 19:53:48 | 000,129,534 | ---- | C] () -- C:\Users\Owner\Desktop\139ee18aa91bfbb960e9730ec8114c92.jpg
[2010/12/10 19:52:34 | 000,356,681 | ---- | C] () -- C:\Users\Owner\Desktop\f19176b9ce82b5c4550cb32db931f84a.jpg
[2010/12/10 19:49:32 | 000,181,107 | ---- | C] () -- C:\Users\Owner\Desktop\sample-b17b6fad437b36173e2e785019032836.jpg
[2010/12/10 00:34:37 | 156,691,788 | ---- | C] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 02 [391BBFD9].mkv
[2010/12/10 00:09:54 | 000,136,388 | ---- | C] () -- C:\Users\Owner\Desktop\sample-61ee765e4d40a5f881b4e2d745acdd69.jpg
[2010/12/10 00:09:40 | 000,083,830 | ---- | C] () -- C:\Users\Owner\Desktop\7f0179c06ff846486d7be71d0d80a35a.jpg
[2010/12/10 00:09:30 | 000,049,151 | ---- | C] () -- C:\Users\Owner\Desktop\da85230ca6d37a94c4fe8d0bec931b83.jpg
[2010/12/10 00:09:12 | 000,073,945 | ---- | C] () -- C:\Users\Owner\Desktop\sample-dfac627f94904643cbfebe3ca451bd90.jpg
[2010/12/09 04:30:16 | 000,094,087 | ---- | C] () -- C:\Users\Owner\Desktop\fw12.pdf
[2010/12/09 02:53:38 | 000,493,638 | ---- | C] () -- C:\Users\Owner\Desktop\5489479666b3d5679511f86dcef7a460.jpg
[2010/12/09 02:53:26 | 000,126,768 | ---- | C] () -- C:\Users\Owner\Desktop\sample-3fb3f415d4380593cc868b4c88da531e.jpg
[2010/12/09 02:04:02 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\mlpdjnmm.exe
[2010/12/09 01:52:14 | 000,624,128 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/12/09 01:49:41 | 042,371,584 | ---- | C] () -- C:\Users\Owner\Desktop\eav_nt32_enu.msi
[2010/12/08 23:38:05 | 002,672,312 | ---- | C] () -- C:\Users\Owner\Desktop\esetsmartinstaller_enu.exe
[2010/12/08 23:34:00 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\mlbmi3qw.exe
[2010/12/08 23:15:05 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/12/06 23:10:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/06 20:39:50 | 000,001,146 | ---- | C] () -- C:\ProgramData\2642622203.dat
[2010/12/06 19:09:30 | 019,208,499 | ---- | C] () -- C:\Users\Owner\Desktop\(COMITIA95) [Tetchan Hato] Erobanashiyo (Original).zip
[2010/12/06 14:43:29 | 008,053,127 | ---- | C] () -- C:\Users\Owner\Desktop\20101207-1-7.zip
[2010/12/05 20:04:14 | 196,086,145 | ---- | C] () -- C:\Users\Owner\Desktop\[SubDESU-H] Oni Chichi2 01.mkv
[2010/11/26 14:16:05 | 392,359,808 | ---- | C] () -- C:\Users\Owner\Desktop\(18禁アニメ) 鬼父2 下巻 「巨乳と天然と卑しと嫉み」 (704x396 DivX6.92).avi
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/12 17:46:28 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/19 03:45:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/19 03:03:13 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/04 17:01:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/21 23:12:20 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2009/01/05 14:22:04 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/03/27 12:07:32 | 000,015,980 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/03/21 12:08:48 | 000,232,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/25 15:44:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/25 08:26:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/02 16:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2008/03/21 13:53:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2010/01/26 09:10:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AICPA
[2010/12/10 00:34:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2008/03/30 15:41:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ContentGuard
[2009/09/14 23:48:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FFSJ
[2010/10/12 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fyak
[2010/11/13 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Goer
[2010/06/21 01:04:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2010/03/06 01:03:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/03/04 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2010/12/07 22:37:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ohibb
[2010/10/06 18:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ollil
[2009/03/06 20:49:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2009/01/05 14:22:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2009/07/31 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RenPy
[2008/03/27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/12/09 01:47:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/04/19 03:23:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizards of the Coast
[2010/12/11 23:55:27 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

0

Just an update: I still have the audio ad problem, though my options must be pretty low at this point, huh?

0

Can you post the JavaRa log please.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
0

If I did this right, JavaRa log)

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Dec 11 23:28:56 2010

Found and removed: C:\Program Files\Java\jre1.6.0

Found and removed: C:\Program Files\Java\jre1.6.0_07

------------------------------------

Finished reporting.

0

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell XPS420
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 153):

Processes (total 79):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
512 csrss.exe
568 C:\Windows\System32\wininit.exe
580 csrss.exe
612 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\Ati2evxx.exe
988 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\audiodg.exe
1180 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\SLsvc.exe
1256 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\svchost.exe
1504 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1640 WUDFHost.exe
1688 C:\Windows\System32\Ati2evxx.exe
1756 C:\Windows\System32\spoolsv.exe
1784 C:\Windows\System32\svchost.exe
804 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
1244 C:\Program Files\Bonjour\mDNSResponder.exe
1324 C:\Windows\System32\svchost.exe
2060 C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
2120 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
2156 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
2208 C:\Windows\System32\mfevtps.exe
2248 C:\Windows\System32\svchost.exe
2260 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2392 C:\Windows\System32\stacsv.exe
2432 C:\Windows\System32\svchost.exe
2480 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2528 C:\Windows\System32\svchost.exe
2556 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2584 C:\Windows\System32\SearchIndexer.exe
2692 WUDFHost.exe
2704 C:\Windows\System32\drivers\XAudio.exe
2888 naPrdMgr.exe
2896 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
3048 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3104 mfeann.exe
3428 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3988 unsecapp.exe
4032 WmiPrvSE.exe
2684 C:\Windows\System32\taskeng.exe
2336 C:\Windows\System32\taskeng.exe
4028 C:\Windows\System32\dwm.exe
3996 C:\Windows\explorer.exe
3264 taskeng.exe
4060 C:\Windows\WindowsMobile\wmdc.exe
2540 C:\Windows\System32\svchost.exe
1456 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
1384 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1396 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
3536 shstat.exe
1920 C:\Program Files\McAfee\Common Framework\McTray.exe
2960 C:\Program Files\Windows Media Player\wmpnscfg.exe
4428 C:\Program Files\Windows Media Player\wmplayer.exe
4672 C:\Program Files\Windows Media Player\wmpnetwk.exe
4816 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
5628 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
6016 C:\Windows\System32\svchost.exe
4352 C:\Program Files\Mozilla Firefox\firefox.exe
3708 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
4964 C:\Program Files\Mozilla Firefox\plugin-container.exe
1544 C:\Windows\System32\conime.exe
3016 C:\Windows\System32\SearchProtocolHost.exe
5368 C:\Windows\System32\SearchFilterHost.exe
2292 C:\Program Files\Internet Explorer\iexplore.exe
3484 C:\Program Files\Internet Explorer\iexplore.exe
4752 C:\Users\Owner\Desktop\MBRCheck.exe
4580 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAKS-75VYA0, Rev: 12.01B02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

0

TDSS & it found an infection & after reboot, I no longer see two internet explorers running now.

2010/12/12 20:47:52.0170 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/12 20:47:52.0170 ================================================================================
2010/12/12 20:47:52.0170 SystemInfo:
2010/12/12 20:47:52.0170
2010/12/12 20:47:52.0170 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/12 20:47:52.0170 Product type: Workstation
2010/12/12 20:47:52.0170 ComputerName: OWNER-PC
2010/12/12 20:47:52.0170 UserName: Owner
2010/12/12 20:47:52.0170 Windows directory: C:\Windows
2010/12/12 20:47:52.0170 System windows directory: C:\Windows
2010/12/12 20:47:52.0170 Processor architecture: Intel x86
2010/12/12 20:47:52.0170 Number of processors: 4
2010/12/12 20:47:52.0171 Page size: 0x1000
2010/12/12 20:47:52.0171 Boot type: Normal boot
2010/12/12 20:47:52.0171 ================================================================================
2010/12/12 20:47:52.0725 Initialize success
2010/12/12 20:48:02.0281 ================================================================================
2010/12/12 20:48:02.0281 Scan started
2010/12/12 20:48:02.0281 Mode: Manual;
2010/12/12 20:48:02.0281 ================================================================================
2010/12/12 20:48:08.0777 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/12 20:48:08.0799 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/12 20:48:08.0848 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/12 20:48:08.0886 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/12 20:48:08.0915 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/12 20:48:08.0951 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/12 20:48:08.0997 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/12 20:48:09.0049 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/12 20:48:09.0078 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/12 20:48:09.0104 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/12 20:48:09.0130 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2010/12/12 20:48:09.0223 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/12 20:48:09.0288 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/12 20:48:09.0336 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/12 20:48:09.0416 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/12 20:48:09.0478 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/12 20:48:09.0534 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/12 20:48:09.0582 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/12 20:48:09.0614 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/12 20:48:09.0632 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/12 20:48:09.0659 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/12 20:48:09.0711 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/12 20:48:09.0775 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/12 20:48:09.0827 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/12 20:48:09.0883 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/12 20:48:09.0932 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/12 20:48:09.0971 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/12 20:48:09.0996 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/12 20:48:10.0051 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/12 20:48:10.0099 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/12 20:48:10.0142 nmsunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\nmsunidr.sys
2010/12/12 20:48:10.0209 NPF (d21fee8db254ba762656878168ac1db6) C:\Windows\system32\drivers\npf.sys
2010/12/12 20:48:10.0278 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/12 20:48:10.0348 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/12 20:48:10.0452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/12 20:48:10.0551 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/12 20:48:10.0597 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/12 20:48:10.0627 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/12 20:48:10.0656 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/12/12 20:48:10.0680 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/12/12 20:48:10.0801 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/12 20:48:10.0830 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/12 20:48:10.0866 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/12 20:48:10.0896 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/12 20:48:10.0949 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/12 20:48:10.0985 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/12/12 20:48:11.0034 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/12 20:48:11.0094 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/12 20:48:11.0211 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/12 20:48:11.0243 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/12 20:48:11.0305 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/12 20:48:11.0356 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/12 20:48:11.0410 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/12 20:48:11.0452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/12 20:48:11.0519 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/12 20:48:11.0619 R300 (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/12 20:48:11.0697 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/12 20:48:11.0754 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/12 20:48:11.0804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/12 20:48:11.0854 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/12 20:48:11.0904 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/12 20:48:11.0960 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/12 20:48:11.0993 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/12/12 20:48:12.0046 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/12 20:48:12.0097 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/12 20:48:12.0188 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/12 20:48:12.0216 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/12 20:48:12.0266 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/12 20:48:12.0300 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/12 20:48:12.0330 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/12 20:48:12.0383 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/12 20:48:12.0427 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2010/12/12 20:48:12.0526 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/12 20:48:12.0581 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/12 20:48:12.0633 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/12 20:48:12.0668 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/12/12 20:48:12.0726 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/12 20:48:12.0754 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/12 20:48:12.0812 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/12 20:48:12.0885 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/12 20:48:12.0965 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/12 20:48:13.0109 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/12 20:48:13.0196 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/12 20:48:13.0298 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2010/12/12 20:48:13.0429 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/12 20:48:13.0455 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/12 20:48:13.0482 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/12 20:48:13.0548 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/12 20:48:13.0662 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/12 20:48:13.0750 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/12 20:48:13.0819 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/12 20:48:13.0866 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/12 20:48:13.0917 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/12 20:48:13.0952 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/12 20:48:13.0993 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/12 20:48:14.0144 TSHWMDTCP (b56368b25a51cebda77e6b20764f07f2) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
2010/12/12 20:48:14.0233 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/12 20:48:14.0292 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/12 20:48:14.0326 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/12 20:48:14.0358 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/12 20:48:14.0406 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/12 20:48:14.0450 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/12 20:48:14.0549 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/12 20:48:14.0607 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/12 20:48:14.0641 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/12 20:48:14.0699 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/12 20:48:14.0758 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/12 20:48:14.0802 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/12 20:48:14.0862 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/12 20:48:14.0907 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/12 20:48:14.0935 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/12 20:48:14.0960 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/12 20:48:15.0015 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/12 20:48:15.0068 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/12 20:48:15.0096 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/12 20:48:15.0165 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/12 20:48:15.0200 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/12 20:48:15.0260 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/12 20:48:15.0285 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/12/12 20:48:15.0348 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/12 20:48:15.0377 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2010/12/12 20:48:15.0504 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/12 20:48:15.0573 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/12 20:48:15.0612 volsnap (15694a3a34d44548c290b77b5b45e128) C:\Windows\system32\drivers\volsnap.sys
2010/12/12 20:48:15.0618 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 15694a3a34d44548c290b77b5b45e128, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2010/12/12 20:48:15.0623 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/12 20:48:16.0442 ================================================================================
2010/12/12 20:48:16.0442 Scan finished
2010/12/12 20:48:16.0442 ================================================================================
2010/12/12 20:48:16.0452 Detected object count: 1
2010/12/12 20:48:45.0708 volsnap (15694a3a34d44548c290b77b5b45e128) C:\Windows\system32\drivers\volsnap.sys
2010/12/12 20:48:45.0709 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 15694a3a34d44548c290b77b5b45e128, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2010/12/12 20:48:48.0642 Backup copy found, using it..
2010/12/12 20:48:48.0693 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2010/12/12 20:48:48.0693 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2010/12/12 20:49:00.0677 Deinitialize success


0

It's been 3 hours and seems fine still, even restarted computer once to make sure IEs didn't start back up. If this is truly the end of the problem, I want to thank you for all the help you've given me. I certainly couldn't make it to the part where I am at now by myself.

0

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

==

Hopefully you will not need them again any time soon :).

You are most welcome :).
