Malware On my computer (help please) [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

7 Pages

< 1 2 3 4 5 > »

Malware On my computer (help please) [Solved]

Options

onkaloonka View Member Profile	Nov 7 2009, 03:53 PM Post #31
Member Posts: 57 From: USA :) OS: Vista home premium	It says gotcha(it says its a system file), when I double click it, it just opens up like what double clicking my computer would.

Essexboy View Member Profile	Nov 7 2009, 03:55 PM Post #32
GeekU Moderator Posts: 19,158 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Could you give me another OTL scan please and I will see if I can see where it is hiding

onkaloonka View Member Profile	Nov 7 2009, 03:57 PM Post #33
Member Posts: 57 From: USA :) OS: Vista home premium	with that code you supplied in the earlier post?

onkaloonka View Member Profile	Nov 7 2009, 03:58 PM Post #34
Member Posts: 57 From: USA :) OS: Vista home premium	Heres scan without code: OTL logfile created on: 11/7/2009 4:57:00 PM - Run 2 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Bluhm Bros\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.60 Gb Available Physical Memory \| 79.93% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 287.21 Gb Total Space \| 184.38 Gb Free Space \| 64.20% Space Free \| Partition Type: NTFS Drive D: \| 10.88 Gb Total Space \| 1.82 Gb Free Space \| 16.75% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BLUHMBROS-PC Current User Name: Bluhm Bros Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/11/07 11:28:53 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Users\Bluhm Bros\Downloads\OTL.exe PRC - [2009/10/29 12:27:54 \| 01,074,568 \| ---- \| M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2009/10/03 20:37:47 \| 00,289,072 \| ---- \| M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2009/09/27 05:52:00 \| 02,542,848 \| ---- \| M] (Just Great Software) -- C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe PRC - [2009/09/08 21:11:44 \| 00,856,064 \| ---- \| M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\TVersity\Media Server\MediaServer.exe PRC - [2009/08/11 10:45:08 \| 00,075,064 \| ---- \| M] () -- C:\WINDOWS\System32\PnkBstrA.exe PRC - [2009/07/16 12:20:16 \| 25,604,904 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2009/07/16 12:20:16 \| 00,077,360 \| R--- \| M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2009/07/15 15:30:39 \| 00,908,280 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/07/10 12:59:22 \| 00,195,072 \| ---- \| M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2009/06/05 12:39:22 \| 00,292,136 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/06/05 12:39:14 \| 00,541,992 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/06/05 10:48:14 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/21 10:34:07 \| 00,148,888 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/05/16 12:47:15 \| 00,868,352 \| ---- \| M] (Alex Rosenbaum and KishKish.com) -- C:\ProgramData\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe PRC - [2009/05/14 14:35:38 \| 05,431,808 \| ---- \| M] (Pamela-Systems) -- C:\ProgramData\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe PRC - [2009/04/17 18:01:12 \| 00,247,152 \| ---- \| M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe PRC - [2009/03/23 15:54:42 \| 00,023,840 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe PRC - [2009/03/23 15:54:42 \| 00,023,840 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe PRC - [2009/03/02 21:16:04 \| 00,247,296 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe PRC - [2009/02/15 23:10:22 \| 02,402,184 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe PRC - [2009/02/15 23:10:22 \| 00,981,384 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2009/02/06 16:02:14 \| 00,109,056 \| ---- \| M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008/12/12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/10/30 13:16:42 \| 00,282,624 \| ---- \| M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2008/10/29 01:29:41 \| 02,927,104 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/10/09 09:56:48 \| 00,094,208 \| ---- \| M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe PRC - [2008/10/06 11:54:52 \| 00,365,952 \| ---- \| M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2008/09/30 18:56:04 \| 00,972,080 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe PRC - [2008/09/23 20:21:52 \| 00,468,264 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe PRC - [2008/08/01 18:14:02 \| 00,202,032 \| ---- \| M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe PRC - [2008/07/31 16:26:40 \| 00,575,488 \| ---- \| M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2008/07/11 13:31:00 \| 00,196,608 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe PRC - [2008/06/19 20:14:44 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe PRC - [2008/06/09 13:21:58 \| 00,073,728 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008/06/09 13:16:32 \| 02,363,392 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe PRC - [2008/05/01 18:25:56 \| 00,165,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2008/04/17 13:05:20 \| 00,103,720 \| ---- \| M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2008/04/17 13:05:10 \| 01,049,896 \| ---- \| M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2008/04/15 16:51:00 \| 00,488,752 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2008/04/11 11:04:54 \| 00,685,360 \| ---- \| M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2008/04/03 13:33:26 \| 00,193,840 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe PRC - [2008/01/20 21:25:33 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008/01/20 21:25:33 \| 00,202,240 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008/01/20 21:25:11 \| 00,125,952 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2008/01/20 21:25:11 \| 00,037,376 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe PRC - [2008/01/20 21:23:32 \| 01,008,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/03 17:28:08 \| 01,392,640 \| R--- \| M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe PRC - [2007/10/17 18:37:04 \| 00,386,560 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe PRC - [2007/09/26 09:34:40 \| 00,316,720 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PRC - [2007/05/08 18:24:20 \| 00,054,840 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe ========== Modules (SafeList) ========== MOD - [2009/11/07 11:28:53 \| 00,528,896 \| ---- \| M] (OldTimer Tools) -- C:\Users\Bluhm Bros\Downloads\OTL.exe MOD - [2008/01/20 21:23:44 \| 01,684,480 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (VisualSVNServer) SRV - [2009/11/06 16:06:45 \| 00,655,624 \| ---- \| M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/10/29 12:27:54 \| 01,074,568 \| ---- \| M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2009/09/21 07:01:12 \| 01,028,432 \| ---- \| M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/09/08 21:11:44 \| 00,856,064 \| ---- \| M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2009/08/11 10:45:08 \| 00,075,064 \| ---- \| M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/06/05 12:39:14 \| 00,541,992 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/06/05 10:48:14 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/04/17 18:01:12 \| 00,247,152 \| ---- \| M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) SRV - [2009/02/15 23:10:22 \| 02,402,184 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2009/02/06 16:02:14 \| 00,109,056 \| ---- \| M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008/12/12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/12/05 23:42:11 \| 00,376,832 \| ---- \| M] (Microsoft Corporation) -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2008/11/04 00:06:28 \| 00,441,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/09 09:56:48 \| 00,094,208 \| ---- \| M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service) SRV - [2008/10/06 11:54:52 \| 00,365,952 \| ---- \| M] () -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008/07/27 13:03:13 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/11 13:31:00 \| 00,196,608 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc) SRV - [2008/06/19 20:14:44 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/06/19 20:14:31 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/06/19 20:14:31 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/06/09 13:21:58 \| 00,073,728 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008/05/05 17:25:46 \| 00,165,416 \| ---- \| M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2008/05/01 18:25:56 \| 00,165,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex) SRV - [2008/04/03 13:33:26 \| 00,193,840 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx) SRV - [2008/01/20 21:25:33 \| 00,896,512 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008/01/20 21:25:09 \| 00,292,352 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2008/01/20 21:23:32 \| 00,272,952 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/17 18:37:04 \| 00,386,560 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2007/01/04 16:38:08 \| 00,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/11/02 07:35:29 \| 00,131,072 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehsched.exe -- (ehSched) SRV - [2006/11/02 07:35:29 \| 00,013,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart) SRV - [2006/10/26 16:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004/10/22 05:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2009/10/28 19:45:11 \| 00,721,904 \| ---- \| M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/10/28 19:26:14 \| 00,094,208 \| ---- \| M] (VSO Software) -- C:\WINDOWS\System32\drivers\ezplay.sys -- (ezplay) DRV - [2009/10/28 19:24:57 \| 00,047,360 \| ---- \| M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys -- (pcouffin) DRV - [2009/09/23 09:41:58 \| 00,026,176 \| -H-- \| M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009/09/23 07:55:23 \| 00,064,288 \| ---- \| M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/06/05 10:42:38 \| 00,039,424 \| ---- \| M] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009/03/19 15:32:48 \| 00,023,400 \| ---- \| M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/02/15 23:11:48 \| 00,293,528 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2009/01/31 03:59:24 \| 00,023,552 \| ---- \| M] (defrag Development Team) -- C:\WINDOWS\System32\drivers\dfg.sys -- (dfg) DRV - [2008/10/28 07:53:26 \| 00,021,560 \| ---- \| M] () -- C:\Windows\system32\drivers\atapi.sys -- (atapi) DRV - [2008/10/28 07:53:26 \| 00,020,024 \| ---- \| M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/10/28 07:53:26 \| 00,019,000 \| ---- \| M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/10/28 07:53:26 \| 00,017,464 \| ---- \| M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008/10/16 19:35:58 \| 00,083,288 \| ---- \| M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2008/09/19 20:43:50 \| 00,061,952 \| ---- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RTSTOR.sys -- (RTSTOR) DRV - [2008/07/24 17:46:10 \| 00,047,640 \| ---- \| M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/07/24 17:45:20 \| 00,010,144 \| ---- \| M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\lmimirr.sys -- (lmimirr) DRV - [2008/07/11 13:31:00 \| 07,530,656 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/06/05 11:58:42 \| 00,222,208 \| ---- \| M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008/05/09 14:17:32 \| 00,043,040 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/04/27 14:07:44 \| 00,909,824 \| ---- \| M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athr.sys -- (athr) DRV - [2008/04/24 17:51:46 \| 00,014,848 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008/04/17 13:05:16 \| 00,199,344 \| ---- \| M] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008/01/29 08:55:00 \| 01,042,464 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/01/20 21:23:27 \| 00,386,616 \| ---- \| M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/20 21:23:27 \| 00,149,560 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/20 21:23:27 \| 00,031,288 \| ---- \| M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/20 21:23:26 \| 00,101,432 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/20 21:23:26 \| 00,074,808 \| ---- \| M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/20 21:23:26 \| 00,040,504 \| ---- \| M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/20 21:23:25 \| 00,300,600 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/20 21:23:25 \| 00,089,656 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/20 21:23:24 \| 01,122,360 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/20 21:23:24 \| 00,118,784 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) DRV - [2008/01/20 21:23:24 \| 00,079,928 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/20 21:23:23 \| 00,235,064 \| ---- \| M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/20 21:23:23 \| 00,130,616 \| ---- \| M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/20 21:23:23 \| 00,115,816 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/20 21:23:23 \| 00,096,312 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/20 21:23:23 \| 00,096,312 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/20 21:23:23 \| 00,079,416 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/20 21:23:22 \| 00,342,584 \| ---- \| M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/20 21:23:21 \| 00,422,968 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/20 21:23:21 \| 00,102,968 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/20 21:23:21 \| 00,045,112 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/20 21:23:20 \| 02,225,664 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2008/01/20 21:23:20 \| 00,238,648 \| ---- \| M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2007/12/04 16:10:30 \| 00,016,640 \| ---- \| M] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - [2007/10/31 20:51:26 \| 00,985,600 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007/10/31 20:47:54 \| 00,208,896 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007/10/31 20:47:08 \| 00,661,504 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007/10/17 18:36:54 \| 00,008,704 \| ---- \| M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/06/18 19:12:04 \| 00,016,768 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/03/22 11:57:14 \| 00,028,672 \| --S- \| M] (Gteko Ltd.) -- C:\WINDOWS\System32\drivers\elagopro.sys -- (elagopro) DRV - [2007/03/22 11:57:14 \| 00,005,376 \| --S- \| M] (Gteko Ltd.) -- C:\WINDOWS\System32\drivers\elaunidr.sys -- (elaunidr) DRV - [2006/11/02 04:50:35 \| 00,106,088 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 04:50:35 \| 00,098,408 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 04:50:19 \| 00,045,160 \| ---- \| M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 04:50:17 \| 00,041,576 \| ---- \| M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 04:50:11 \| 00,071,272 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 04:50:09 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 04:50:07 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 04:50:05 \| 00,035,944 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 04:50:03 \| 00,034,920 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 04:49:59 \| 00,033,384 \| ---- \| M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 04:49:56 \| 00,031,848 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 03:25:24 \| 00,071,808 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) DRV - [2006/11/02 03:24:47 \| 00,011,904 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 03:24:46 \| 00,005,248 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 03:24:45 \| 00,013,568 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 03:24:44 \| 00,062,336 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 03:24:44 \| 00,012,160 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 02:36:50 \| 00,020,608 \| ---- \| M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 02:30:56 \| 00,194,048 \| ---- \| M] (Marvell) -- C:\WINDOWS\System32\drivers\yk60x86.sys -- (yukonwlh) DRV - [2006/11/02 01:37:21 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006/06/18 17:26:58 \| 00,012,672 \| ---- \| M] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys -- (mdmxsdk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\..\URLSearchHook: {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crazickforums.com/index.php?sid...7d5c925f0493b81 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0 FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.5.2.2 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: {0B6B0D55-DFAC-4006-AEE6-25667F55A2A8}:8.12 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.65 FF - prefs.js..network.proxy.no_proxies_on: ".local" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 02:01:03 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/12 20:25:24 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/13 06:02:21 \| 00,000,000 \| ---D \| M] [2009/07/18 11:54:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Extensions [2009/07/18 11:54:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/07 16:55:41 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions [2009/07/18 12:05:11 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\{0B6B0D55-DFAC-4006-AEE6-25667F55A2A8} [2009/07/18 11:58:08 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/07/18 17:57:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2009/07/27 13:23:41 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/07/18 11:58:09 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\anycolor.pavlos256@gmail.com [2009/07/18 17:53:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\autopager@mozilla.org [2009/08/11 10:35:13 \| 00,000,000 \| ---D \| M] -- C:\Users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\battlefieldheroespatcher@ea.com [2009/07/18 14:00:32 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009/07/18 11:53:42 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/07/18 14:00:32 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/07/15 15:30:53 \| 00,023,544 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/07/15 15:30:54 \| 00,137,208 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/05/21 10:33:58 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/10/13 06:02:19 \| 00,024,684 \| ---- \| M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll [2009/07/15 15:30:55 \| 00,065,016 \| ---- \| M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/08/14 11:04:47 \| 00,238,776 \| ---- \| M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2009/07/25 19:11:03 \| 00,221,184 \| ---- \| M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll [2009/07/15 13:10:00 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/07/15 13:10:00 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/07/15 13:10:00 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/07/15 13:10:00 \| 00,002,344 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/07/15 13:10:00 \| 00,002,371 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/07/15 13:10:00 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/07/15 13:10:00 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (761 bytes) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKCU..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: &Search - File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0d32d1ea-230b-11de-ab15-001f1657800a}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found O33 - MountPoints2\{e125049d-0b42-11de-9432-001f1657800a}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/07 16:44:58 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Documents\Pamela Call Recordings [2009/11/07 16:28:01 \| 00,000,000 \| --SD \| C] -- C:\Gotcha [2009/11/07 15:43:13 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2009/11/07 15:43:13 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\Windows\SWREG.exe [2009/11/07 15:43:13 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\Windows\SWSC.exe [2009/11/07 15:43:13 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\Windows\NIRCMD.exe [2009/11/07 15:43:00 \| 00,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2009/11/07 15:38:51 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/11/07 15:16:31 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/11/07 14:56:40 \| 00,000,000 \| ---D \| C] -- C:\Avenger [2009/11/07 12:56:18 \| 00,023,552 \| ---- \| C] (defrag Development Team) -- C:\Windows\System32\drivers\dfg.sys [2009/11/07 12:56:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files\PC Doc Pro v5 [2009/11/07 08:31:49 \| 00,000,000 \| ---D \| C] -- C:\.jagex_cache_32 [2009/11/07 08:19:32 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/11/07 08:19:31 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/11/07 08:19:31 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/07 08:19:31 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/07 08:19:31 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/06 16:35:17 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Documents\Adobe [2009/11/06 16:11:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Adobe Media Player [2009/11/06 16:09:22 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe AIR [2009/11/05 19:59:21 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Desktop\Pro Scores [2009/11/05 03:38:12 \| 00,000,000 \| ---D \| C] -- C:\Program Files\LogMeIn Hamachi [2009/11/04 14:16:07 \| 03,584,000 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/11/04 14:16:06 \| 01,383,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/11/03 15:52:59 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Documents\CyberLink [2009/11/01 08:24:02 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\TortoiseSVN [2009/10/31 15:25:02 \| 00,000,000 \| ---D \| C] -- C:\Users\Public\Documents\DAEMON Tools Images [2009/10/31 14:21:36 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\Simply Super Software [2009/10/31 14:20:52 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Documents\Simply Super Software [2009/10/31 14:19:28 \| 00,069,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2009/10/31 14:19:26 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Simply Super Software [2009/10/31 14:19:26 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Simply Super Software [2009/10/31 14:19:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trojan Remover [2009/10/31 14:15:18 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\SEGA [2009/10/31 14:09:44 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2009/10/31 14:09:22 \| 00,093,360 \| ---- \| C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2009/10/31 14:07:27 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/10/31 14:07:27 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/10/31 14:01:34 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\DAEMON Tools Lite [2009/10/31 14:01:34 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\DAEMON Tools Lite [2009/10/29 16:26:13 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\BitTorrent [2009/10/29 16:26:08 \| 00,000,000 \| ---D \| C] -- C:\Program Files\BitTorrent [2009/10/29 14:36:08 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Local\Sony [2009/10/29 06:05:35 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\FLEXnet [2009/10/29 06:05:35 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\FLEXnet [2009/10/28 20:21:05 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Macrovision Shared [2009/10/28 19:27:26 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\Vso [2009/10/28 19:26:14 \| 00,094,208 \| ---- \| C] (VSO Software) -- C:\Windows\System32\drivers\ezplay.sys [2009/10/28 19:24:57 \| 00,047,360 \| ---- \| C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys [2009/10/28 19:24:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files\VSO [2009/10/28 18:53:28 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Documents\Camtasia Studio [2009/10/28 18:43:14 \| 00,107,864 \| ---- \| C] (TechSmith Corporation) -- C:\Windows\System32\tsccvid.dll [2009/10/28 18:43:13 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\QuickTime [2009/10/28 18:42:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\TechSmith [2009/10/28 18:42:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\TechSmith [2009/10/28 18:41:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\TechSmith Shared [2009/10/28 18:41:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\TechSmith [2009/10/28 18:32:41 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Desktop\Adobe CS3 [2009/10/27 15:20:38 \| 10,626,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll [2009/10/27 15:20:33 \| 00,310,784 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2009/10/27 15:20:29 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2009/10/26 14:44:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft [2009/10/26 14:44:40 \| 00,000,000 \| ---D \| C] -- C:\Users\Public\Documents\microsoft [2009/10/26 14:44:33 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Live SkyDrive [2009/10/26 14:44:12 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Live [2009/10/26 14:22:14 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Windows Live [2009/10/14 16:24:57 \| 00,213,504 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll [2009/10/14 16:24:40 \| 00,146,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/10/14 16:24:39 \| 01,174,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/10/14 16:24:39 \| 00,833,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/10/14 16:24:38 \| 06,069,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/10/14 16:24:37 \| 00,380,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2009/10/14 16:24:36 \| 00,270,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/10/14 16:24:35 \| 00,458,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/10/14 16:24:35 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/10/14 16:24:35 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/10/14 16:24:34 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/10/14 16:24:34 \| 00,389,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/10/14 16:24:34 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/10/14 16:24:34 \| 00,028,160 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/10/14 16:24:34 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/10/14 16:23:58 \| 03,599,960 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2009/10/14 16:23:57 \| 03,547,736 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2009/10/14 16:23:29 \| 00,428,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2009/10/14 16:23:28 \| 00,217,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2009/10/14 16:23:27 \| 00,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2009/10/14 16:23:27 \| 00,177,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2009/10/14 16:23:26 \| 00,080,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2009/10/14 16:18:12 \| 00,061,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll [2009/10/14 16:18:06 \| 00,144,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys [2009/10/14 16:17:55 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2009/10/14 14:05:29 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Linksys EasyLink Advisor [2009/10/13 14:34:42 \| 00,026,176 \| -H-- \| C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys [2009/10/13 06:02:21 \| 00,028,672 \| ---- \| C] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr [2009/10/12 20:24:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Conduit [2009/10/12 20:12:10 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\AVS4YOU [2009/10/12 20:12:09 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\AVS4YOU [2009/10/12 20:12:09 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\AVS4YOU [2009/10/12 20:10:05 \| 00,974,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll [2009/10/12 20:10:05 \| 00,487,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll [2009/10/12 20:10:05 \| 00,344,064 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll [2009/10/12 20:10:05 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\AVSMedia [2009/10/12 20:10:04 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AVS4YOU [2009/10/11 10:46:22 \| 00,170,496 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2009/10/11 10:46:22 \| 00,022,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe [2009/10/11 10:45:17 \| 00,058,248 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll [2009/10/11 10:44:47 \| 00,103,816 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll [2009/10/11 10:44:47 \| 00,069,000 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll [2009/10/11 10:44:26 \| 00,035,208 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll [2009/10/11 10:44:10 \| 01,221,512 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll [2009/10/11 10:44:10 \| 00,109,960 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll [2009/10/11 10:43:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Zone Labs [2009/10/11 10:43:57 \| 00,309,128 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll [2009/10/11 10:43:55 \| 00,107,912 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll [2009/10/11 10:43:46 \| 00,110,472 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll [2009/10/11 10:42:02 \| 00,293,528 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys [2009/10/11 10:42:02 \| 00,000,000 \| ---D \| C] -- C:\Windows\System32\ZoneLabs [2009/10/11 10:41:20 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\CheckPoint [2009/10/11 10:41:20 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\CheckPoint [2009/10/11 10:41:15 \| 00,482,184 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll [2009/10/11 10:41:15 \| 00,229,256 \| ---- \| C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll [2009/10/11 10:41:00 \| 00,000,000 \| ---D \| C] -- C:\Windows\Internet Logs [2009/10/10 18:27:48 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\JGsoft [2009/10/10 18:27:01 \| 00,068,232 \| ---- \| C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe [2009/10/10 18:27:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\JGsoft [2009/10/10 18:18:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files\SIL [2009/10/10 18:18:47 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\SIL [2009/10/10 18:18:32 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\SIL [2009/10/10 18:18:32 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\SIL [2009/10/10 17:17:52 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\Desktop\RSPS banner [2009/10/10 13:21:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\DJJava [2009/10/10 12:55:19 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Protexis [2009/10/10 12:55:19 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Protexis [2009/10/10 12:54:50 \| 00,000,000 \| ---D \| C] -- C:\Program Files\decomp [2009/10/10 11:17:24 \| 00,000,000 \| ---D \| C] -- C:\Users\Bluhm Bros\AppData\Roaming\Wings3D ========== Files - Modified Within 30 Days ========== [2009/11/07 16:57:13 \| 02,621,440 \| -HS- \| M] () -- C:\Users\Bluhm Bros\ntuser.dat [2009/11/07 16:49:23 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/11/07 16:49:23 \| 00,595,684 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/11/07 16:49:23 \| 00,101,350 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/11/07 16:45:02 \| 00,000,000 \| ---- \| M] () -- C:\Users\Bluhm Bros\.buddyradar.lock [2009/11/07 16:43:54 \| 00,000,214 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2009/11/07 16:43:54 \| 00,000,214 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2009/11/07 16:42:54 \| 00,350,192 \| -H-- \| M] () -- C:\Windows\System32\drivers\vsconfig.xml [2009/11/07 16:42:54 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/07 16:42:52 \| 00,097,692 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2009/11/07 16:42:52 \| 00,097,692 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2009/11/07 16:42:51 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/07 16:42:51 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/07 16:42:38 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/07 16:42:30 \| 29,511,35232 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/07 16:36:35 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Bluhm Bros\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009/11/07 16:36:35 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Bluhm Bros\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009/11/07 16:32:14 \| 00,008,268 \| ---- \| M] () -- C:\Users\Bluhm Bros\AppData\Local\d3d9caps.dat [2009/11/07 16:04:52 \| 00,031,744 \| ---- \| M] () -- C:\Users\Bluhm Bros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/07 15:37:50 \| 00,000,858 \| ---- \| M] () -- C:\Users\Bluhm Bros\Desktop\Gotcha - Shortcut.lnk [2009/11/07 15:34:36 \| 00,000,000 \| R--- \| M] () -- C:\Windows\win32k.sys [2009/11/07 15:13:29 \| 00,001,242 \| RHS- \| M] () -- C:\Users\Bluhm Bros\ntuser.pol [2009/11/07 14:54:27 \| 02,402,603 \| -H-- \| M] () -- C:\Users\Bluhm Bros\AppData\Local\IconCache.db [2009/11/07 14:43:43 \| 00,000,145 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\fix.bat [2009/11/07 12:00:14 \| 00,047,616 \| ---- \| M] () -- C:\Users\Bluhm Bros\Desktop\Win32kDiag.exe [2009/11/07 11:54:15 \| 00,000,000 \| ---- \| M] () -- C:\Users\Bluhm Bros\Desktop\settings.dat [2009/11/07 08:36:05 \| 00,000,063 \| ---- \| M] () -- C:\Users\Bluhm Bros\jagex_runescape_preferences2.dat [2009/11/07 08:33:12 \| 00,000,038 \| ---- \| M] () -- C:\Users\Bluhm Bros\jagex_runescape_preferences.dat [2009/11/07 08:22:31 \| 00,000,818 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/07 08:14:18 \| 00,000,472 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/11/07 08:12:33 \| 00,000,012 \| ---- \| M] () -- C:\Windows\bthservsdp.dat [2009/11/06 18:13:54 \| 02,434,280 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/11/06 16:52:35 \| 00,097,692 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2009/11/06 16:52:35 \| 00,097,692 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2009/11/06 16:34:48 \| 00,081,448 \| ---- \| M] () -- C:\Users\Bluhm Bros\AppData\Local\GDIPFONTCACHEV1.DAT [2009/11/06 10:53:52 \| 00,267,264 \| ---- \| M] () -- C:\Windows\PEV.exe [2009/11/05 03:38:13 \| 00,000,807 \| ---- \| M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2009/11/03 16:03:30 \| 00,921,654 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\Snapshot.bmp [2009/11/03 15:50:26 \| 00,002,089 \| ---- \| M] () -- C:\Users\Bluhm Bros\Desktop\CyberLink PowerDirector.lnk [2009/11/03 15:47:41 \| 00,000,342 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForBluhm Bros.job [2009/11/02 20:49:30 \| 05,718,016 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\capture-5.camrec [2009/11/02 20:44:53 \| 06,180,864 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\capture-4.camrec [2009/11/02 20:42:06 \| 00,195,456 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2009/11/01 21:02:38 \| 00,000,169 \| ---- \| M] () -- C:\Users\Bluhm Bros\AppData\Roaming\RSBot Accounts.ini [2009/11/01 08:58:10 \| 01,204,224 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\capture-3.camrec [2009/11/01 08:56:57 \| 12,562,432 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\capture-2.camrec [2009/11/01 08:50:01 \| 18,350,080 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\capture-1.camrec [2009/10/31 14:09:21 \| 00,093,360 \| ---- \| M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2009/10/31 14:07:20 \| 00,001,007 \| ---- \| M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2009/10/28 19:45:11 \| 00,721,904 \| ---- \| M] () -- C:\Windows\System32\drivers\sptd.sys [2009/10/28 19:26:14 \| 00,094,208 \| ---- \| M] (VSO Software) -- C:\Windows\System32\drivers\ezplay.sys [2009/10/28 19:24:57 \| 00,047,360 \| ---- \| M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys [2009/10/28 19:01:58 \| 00,336,408 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\Letter to The Editor.docx [2009/10/28 18:42:50 \| 00,001,033 \| ---- \| M] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk [2009/10/27 20:21:17 \| 00,136,304 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\Daily Fortune.docx [2009/10/27 20:05:29 \| 00,030,185 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\Local News.docx [2009/10/25 19:48:43 \| 00,199,185 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\Theatre News.docx [2009/10/25 06:11:34 \| 00,077,312 \| ---- \| M] () -- C:\Windows\MBR.exe [2009/10/24 18:13:23 \| 00,014,732 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\Chariot Advertisements.docx [2009/10/19 09:25:09 \| 03,584,000 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/10/16 15:28:18 \| 00,012,226 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\SPORTS.docx [2009/10/13 06:02:19 \| 00,028,672 \| ---- \| M] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr [2009/10/12 20:23:12 \| 00,499,572 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0057.swf0001.avi [2009/10/10 18:27:01 \| 00,001,119 \| ---- \| M] () -- C:\Users\Public\Desktop\EditPad Lite.lnk [2009/10/10 12:54:52 \| 00,001,704 \| ---- \| M] () -- C:\Users\Public\Desktop\DJ Java Decompiler 3.11.lnk [2009/10/09 20:58:38 \| 01,685,886 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0057.avi [2009/10/09 20:53:30 \| 05,764,296 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0056.avi [2009/10/09 20:48:34 \| 01,652,546 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0055.avi [2009/10/09 20:46:04 \| 02,419,190 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0054.avi [2009/10/08 19:45:20 \| 02,994,538 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0053.avi [2009/10/08 19:43:55 \| 03,662,238 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0052.avi [2009/10/08 19:41:48 \| 05,888,852 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0051.avi [2009/10/08 19:36:07 \| 02,169,292 \| ---- \| M] () -- C:\Users\Bluhm Bros\Documents\clip0050.avi ========== Files Created - No Company Name ========== [2009/11/07 16:45:02 \| 00,000,000 \| ---- \| C] () -- C:\Users\Bluhm Bros\.buddyradar.lock [2009/11/07 16:42:30 \| 29,511,35232 \| -HS- \| C] () -- C:\hiberfil.sys [2009/11/07 15:43:13 \| 00,267,264 \| ---- \| C] () -- C:\Windows\PEV.exe [2009/11/07 15:43:13 \| 00,098,816 \| ---- \| C] () -- C:\Windows\sed.exe [2009/11/07 15:43:13 \| 00,080,412 \| ---- \| C] () -- C:\Windows\grep.exe [2009/11/07 15:43:13 \| 00,077,312 \| ---- \| C] () -- C:\Windows\MBR.exe [2009/11/07 15:43:13 \| 00,068,096 \| ---- \| C] () -- C:\Windows\zip.exe [2009/11/07 15:37:50 \| 00,000,858 \| ---- \| C] () -- C:\Users\Bluhm Bros\Desktop\Gotcha - Shortcut.lnk [2009/11/07 15:18:25 \| 00,000,000 \| R--- \| C] () -- C:\Windows\win32k.sys [2009/11/07 14:48:39 \| 00,731,136 \| ---- \| C] () -- C:\Users\Bluhm Bros\Desktop\avenger.exe [2009/11/07 14:43:43 \| 00,000,145 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\fix.bat [2009/11/07 12:00:13 \| 00,047,616 \| ---- \| C] () -- C:\Users\Bluhm Bros\Desktop\Win32kDiag.exe [2009/11/07 11:54:15 \| 00,000,000 \| ---- \| C] () -- C:\Users\Bluhm Bros\Desktop\settings.dat [2009/11/07 11:53:56 \| 00,472,064 \| ---- \| C] () -- C:\Users\Bluhm Bros\Desktop\RootRepeal.exe [2009/11/07 08:33:11 \| 00,000,063 \| ---- \| C] () -- C:\Users\Bluhm Bros\jagex_runescape_preferences2.dat [2009/11/07 08:31:50 \| 00,000,038 \| ---- \| C] () -- C:\Users\Bluhm Bros\jagex_runescape_preferences.dat [2009/11/07 08:19:35 \| 00,000,818 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/03 16:03:30 \| 00,921,654 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\Snapshot.bmp [2009/11/03 15:37:31 \| 00,002,089 \| ---- \| C] () -- C:\Users\Bluhm Bros\Desktop\CyberLink PowerDirector.lnk [2009/11/02 20:49:30 \| 05,718,016 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\capture-5.camrec [2009/11/02 20:44:49 \| 06,180,864 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\capture-4.camrec [2009/11/01 08:58:10 \| 01,204,224 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\capture-3.camrec [2009/11/01 08:56:46 \| 12,562,432 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\capture-2.camrec [2009/11/01 08:50:01 \| 18,350,080 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\capture-1.camrec [2009/10/31 14:19:28 \| 00,162,304 \| ---- \| C] () -- C:\Windows\System32\ztvunrar36.dll [2009/10/31 14:19:28 \| 00,153,088 \| ---- \| C] () -- C:\Windows\System32\UNRAR3.dll [2009/10/31 14:19:28 \| 00,077,312 \| ---- \| C] () -- C:\Windows\System32\ztvunace26.dll [2009/10/31 14:19:28 \| 00,075,264 \| ---- \| C] () -- C:\Windows\System32\unacev2.dll [2009/10/31 14:07:20 \| 00,001,007 \| ---- \| C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2009/10/28 19:45:09 \| 00,721,904 \| ---- \| C] () -- C:\Windows\System32\drivers\sptd.sys [2009/10/28 19:01:56 \| 00,336,408 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\Letter to The Editor.docx [2009/10/28 18:42:50 \| 00,001,033 \| ---- \| C] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk [2009/10/27 20:21:17 \| 00,136,304 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\Daily Fortune.docx [2009/10/27 20:05:28 \| 00,030,185 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\Local News.docx [2009/10/25 19:48:42 \| 00,199,185 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\Theatre News.docx [2009/10/24 18:13:22 \| 00,014,732 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\Chariot Advertisements.docx [2009/10/17 14:18:55 \| 00,000,807 \| ---- \| C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2009/10/12 20:23:09 \| 00,499,572 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0057.swf0001.avi [2009/10/11 10:53:33 \| 00,012,226 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\SPORTS.docx [2009/10/11 10:42:02 \| 00,350,192 \| -H-- \| C] () -- C:\Windows\System32\drivers\vsconfig.xml [2009/10/10 18:27:01 \| 00,001,119 \| ---- \| C] () -- C:\Users\Public\Desktop\EditPad Lite.lnk [2009/10/10 12:54:52 \| 00,001,704 \| ---- \| C] () -- C:\Users\Public\Desktop\DJ Java Decompiler 3.11.lnk [2009/10/09 20:57:55 \| 01,685,886 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0057.avi [2009/10/09 20:50:02 \| 05,764,296 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0056.avi [2009/10/09 20:47:38 \| 01,652,546 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0055.avi [2009/10/09 20:44:26 \| 02,419,190 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0054.avi [2009/10/08 19:44:17 \| 02,994,538 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0053.avi [2009/10/08 19:43:22 \| 03,662,238 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0052.avi [2009/10/08 19:40:13 \| 05,888,852 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0051.avi [2009/10/08 19:35:15 \| 02,169,292 \| ---- \| C] () -- C:\Users\Bluhm Bros\Documents\clip0050.avi [2009/09/27 08:12:15 \| 00,000,169 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Roaming\RSBot Accounts.ini [2009/09/12 15:41:45 \| 00,007,680 \| ---- \| C] () -- C:\Windows\System32\ff_vfw.dll [2009/09/12 15:41:45 \| 00,000,547 \| ---- \| C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009/08/11 10:45:26 \| 00,138,520 \| ---- \| C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009/08/08 08:19:35 \| 00,056,320 \| ---- \| C] () -- C:\Windows\System32\iyvu9_32.dll [2009/07/01 11:50:11 \| 02,402,603 \| -H-- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\IconCache.db [2009/05/14 16:44:59 \| 00,057,856 \| ---- \| C] () -- C:\Windows\Fce32.dll [2009/05/14 16:44:57 \| 00,092,672 \| ---- \| C] () -- C:\Windows\System32\See32.dll [2009/05/14 16:44:57 \| 00,057,856 \| ---- \| C] () -- C:\Windows\System32\Fce32.dll [2009/04/01 06:28:38 \| 00,008,268 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\d3d9caps.dat [2009/03/14 09:31:59 \| 00,000,392 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Roaming\wklnhst.dat [2009/03/13 20:28:13 \| 00,000,006 \| -HS- \| C] () -- C:\Users\Bluhm Bros\AppData\Roaming\desktop.ini [2009/03/13 20:28:13 \| 00,000,006 \| -HS- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\desktop.ini [2009/03/11 15:05:10 \| 00,000,972 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Roaming\XAddonManager.plist [2009/03/07 08:03:36 \| 00,097,692 \| ---- \| C] () -- C:\ProgramData\nvModes.001 [2009/03/07 07:57:46 \| 00,097,692 \| ---- \| C] () -- C:\ProgramData\nvModes.dat [2009/03/06 17:56:34 \| 00,000,045 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\x-plane_install.txt [2009/03/06 15:46:08 \| 00,031,744 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/06 15:31:28 \| 00,000,000 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\QSwitch.txt [2009/03/06 15:31:28 \| 00,000,000 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\DSwitch.txt [2009/03/06 15:31:28 \| 00,000,000 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\AtStart.txt [2009/03/06 15:31:17 \| 00,081,448 \| ---- \| C] () -- C:\Users\Bluhm Bros\AppData\Local\GDIPFONTCACHEV1.DAT [2009/02/18 11:39:15 \| 00,000,021 \| ---- \| C] () -- C:\ProgramData\hpqp.txt [2009/01/08 20:04:19 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2009/01/08 20:04:06 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2009/01/08 20:03:35 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2009/01/08 20:02:55 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2009/01/08 20:01:26 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2009/01/08 20:00:46 \| 00,000,214 \| ---- \| C] () -- C:\ProgramData\hpqp.ini [2008/10/28 08:53:44 \| 00,000,109 \| ---- \| C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2008/10/28 08:47:35 \| 00,000,110 \| ---- \| C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2008/10/28 08:45:26 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2008/10/28 08:43:55 \| 00,000,107 \| ---- \| C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2008/01/20 21:23:00 \| 00,021,560 \| ---- \| C] () -- C:\Windows\System32\drivers\atapi.sys [2006/11/02 07:50:50 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files\desktop.ini [2006/11/02 07:37:35 \| 00,030,808 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 07:37:35 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 07:37:35 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 07:37:35 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 07:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 05:23:31 \| 00,000,144 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 03:43:04 \| 00,061,952 \| ---- \| C] () -- C:\Windows\System32\cngaudit.dll [2006/11/02 02:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 04:58:00 \| 01,060,424 \| ---- \| C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:CB0AACC9 @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0049.gif.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0048.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0047.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0046.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0045.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0044.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0043.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0042.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0041.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0040.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0039.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0038.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0031.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0006.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0005.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0004.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Bluhm Bros\Documents\clip0003.avi:TOC.WMV < End of report >

Essexboy View Member Profile	Nov 7 2009, 04:08 PM Post #35
GeekU Moderator Posts: 19,158 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	OK looks like combofix ran but failed to produce a log - So I would like you (yet again ) run Combofix it should be a lot faster this time. What are your problems now ?

onkaloonka View Member Profile	Nov 7 2009, 04:10 PM Post #36
Member Posts: 57 From: USA :) OS: Vista home premium	No probs at the moment, getting redirections with google though. Do I run combofix, then run it again in safemode?

Essexboy View Member Profile	Nov 7 2009, 04:13 PM Post #37
GeekU Moderator Posts: 19,158 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	No normal mode should do - and that will take away the final baddie that OTL could not shift

onkaloonka View Member Profile	Nov 7 2009, 04:15 PM Post #38
Member Posts: 57 From: USA :) OS: Vista home premium	Alrite good I will post the report when it is complete.

onkaloonka View Member Profile	Nov 7 2009, 04:49 PM Post #39
Member Posts: 57 From: USA :) OS: Vista home premium	It now says Preparing Log report. Do not run any programs until combofix has finished. Does this mean its done?

Essexboy View Member Profile	Nov 7 2009, 04:52 PM Post #40
GeekU Moderator Posts: 19,158 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Yep it may take up to 5 minutes to prepare the logfile

Essexboy View Member Profile	Nov 7 2009, 04:54 PM Post #41
GeekU Moderator Posts: 19,158 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	I am going offline now - I will look at the logs first thing tomorrow Also let me know of any problems once combofix has finished

onkaloonka View Member Profile	Nov 7 2009, 04:55 PM Post #42
Member Posts: 57 From: USA :) OS: Vista home premium	Well its been like 10, and the blue box with: Preparing Log report. Do not run any programs until combofix has finished. Is it still preparing it?

onkaloonka View Member Profile	Nov 7 2009, 05:03 PM Post #43
Member Posts: 57 From: USA :) OS: Vista home premium	Aha finnaly, Here's the log: CODE ComboFix 09-11-07.02 - Bluhm Bros 11/07/2009 17:16.1.2 - NTFSx86 Running from: c:\users\Bluhm Bros\Downloads\Gotcha.exe FW: ZoneAlarm Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} SP: Lavasoft Ad-Watch Live! disabled (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: ZoneAlarm Anti-Spyware enabled (Outdated) {F245A209-1085-48B4-B927-35D56015EC60} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-188546920-981745825-3816520981-500 c:\users\Administrator.BluhmBros-PC\AppData\Roaming\inst.exe c:\windows\system32\f3PSSavr.scr Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 ))))))))))))))))))))))))))))))) . 2009-11-07 22:41 . 2009-11-07 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-07 22:41 . 2009-11-07 22:41 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Local\temp 2009-11-07 20:18 . 2009-11-07 20:34 0 ----a-r- c:\windows\win32k.sys 2009-11-07 20:16 . 2009-11-07 20:16 -------- d-----w- C:\_OTL 2009-11-07 17:56 . 2009-11-07 17:56 4096 d-----w- c:\program files\PC Doc Pro v5 2009-11-07 17:56 . 2009-01-31 08:59 23552 ----a-w- c:\windows\system32\drivers\dfg.sys 2009-11-07 13:33 . 2009-11-07 13:36 63 ----a-w- c:\users\Bluhm Bros\jagex_runescape_preferences2.dat 2009-11-07 13:31 . 2009-11-07 13:33 38 ----a-w- c:\users\Bluhm Bros\jagex_runescape_preferences.dat 2009-11-07 13:31 . 2009-11-07 13:34 -------- d-----w- C:\.jagex_cache_32 2009-11-07 13:19 . 2009-11-07 13:19 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\Malwarebytes 2009-11-07 13:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-07 13:19 . 2009-11-07 13:22 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-07 13:19 . 2009-11-07 13:19 -------- d-----w- c:\programdata\Malwarebytes 2009-11-07 13:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-06 22:07 . 2009-11-05 22:18 37176 ----a-w- c:\users\Bluhm Bros\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-11-06 21:11 . 2009-11-06 21:11 4096 d-----w- c:\program files\Adobe Media Player 2009-11-06 21:09 . 2009-11-06 21:09 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-11-05 08:38 . 2009-11-05 08:38 4096 d-----w- c:\program files\LogMeIn Hamachi 2009-11-01 13:24 . 2009-11-01 13:24 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\TortoiseSVN 2009-10-31 19:25 . 2009-10-31 19:25 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\AVG8 2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Simply Super Software 2009-10-31 19:19 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2009-10-31 19:19 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2009-10-31 19:19 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2009-10-31 19:19 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2009-10-31 19:19 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2009-10-31 19:19 . 2009-10-31 19:19 4096 d-----w- c:\program files\Trojan Remover 2009-10-31 19:19 . 2009-10-31 19:19 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\Simply Super Software 2009-10-31 19:19 . 2009-10-31 19:19 -------- d-----w- c:\programdata\Simply Super Software 2009-10-31 19:15 . 2009-11-07 12:48 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\SEGA 2009-10-31 19:09 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-10-31 19:09 . 2009-10-31 19:09 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-10-31 19:09 . 2009-10-31 19:09 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys 2009-10-31 19:09 . 2009-10-31 19:09 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll 2009-10-31 19:09 . 2009-10-31 19:09 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll 2009-10-31 19:09 . 2009-10-31 19:09 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll 2009-10-31 19:09 . 2009-10-31 19:09 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll 2009-10-31 19:09 . 2009-10-31 19:09 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll 2009-10-31 19:09 . 2009-10-31 19:09 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll 2009-10-31 19:07 . 2009-10-31 19:07 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-31 19:07 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe 2009-10-31 19:01 . 2009-10-31 19:01 -------- d-----w- c:\programdata\DAEMON Tools Lite 2009-10-29 21:26 . 2009-11-07 12:43 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\BitTorrent 2009-10-29 21:26 . 2009-10-29 21:26 -------- d-----w- c:\program files\BitTorrent 2009-10-29 19:48 . 2009-10-29 19:49 96256 --sh--w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\install.config.exe 2009-10-29 19:36 . 2009-10-29 19:36 -------- d-----w- c:\users\Bluhm Bros\AppData\Local\Sony 2009-10-29 11:05 . 2009-10-29 11:05 -------- d-----w- c:\programdata\FLEXnet 2009-10-29 01:21 . 2009-10-29 01:21 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-10-29 00:45 . 2009-10-29 00:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-10-29 00:44 . 2009-10-31 19:05 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\DAEMON Tools Lite 2009-10-29 00:27 . 2009-10-29 00:31 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Vso 2009-10-29 00:26 . 2009-10-29 00:26 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys 2009-10-29 00:26 . 2009-10-29 00:26 94208 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.sys 2009-10-29 00:24 . 2009-10-29 00:27 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\Vso 2009-10-29 00:24 . 2009-10-29 00:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-10-29 00:24 . 2009-10-29 00:24 47360 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.sys 2009-10-29 00:24 . 2009-10-29 00:24 -------- d-----w- c:\program files\VSO 2009-10-28 23:43 . 2008-07-10 17:56 107864 ----a-w- c:\windows\system32\tsccvid.dll 2009-10-28 23:43 . 2009-10-28 23:43 -------- d-----w- c:\windows\system32\QuickTime 2009-10-28 23:42 . 2009-10-28 23:42 -------- d-----w- c:\programdata\TechSmith 2009-10-28 23:41 . 2009-10-28 23:41 -------- d-----w- c:\program files\Common Files\TechSmith Shared 2009-10-28 23:41 . 2009-10-28 23:41 -------- d-----w- c:\program files\TechSmith 2009-10-28 07:06 . 2009-10-28 07:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2009-10-27 20:20 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-27 20:20 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-26 19:44 . 2009-10-26 19:44 -------- d-----w- c:\program files\Microsoft 2009-10-26 19:44 . 2009-10-26 19:44 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-10-26 19:44 . 2009-10-26 19:44 -------- d-----w- c:\program files\Windows Live 2009-10-26 19:22 . 2009-10-26 19:22 -------- d-----w- c:\program files\Common Files\Windows Live 2009-10-16 00:51 . 2009-10-16 00:51 0 ----a-w- c:\users\Bluhm Bros\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe 2009-10-14 21:23 . 2009-08-05 17:15 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-10-14 21:23 . 2009-08-05 17:15 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-10-14 21:23 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll 2009-10-14 21:23 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll 2009-10-14 21:18 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-14 21:18 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-14 21:17 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-14 19:05 . 2009-10-14 19:05 -------- d-----w- c:\program files\Linksys EasyLink Advisor 2009-10-13 19:34 . 2009-09-23 14:41 26176 ---ha-w- c:\windows\system32\hamachi.sys 2009-10-13 01:24 . 2009-10-13 01:24 -------- d-----w- c:\program files\Conduit 2009-10-13 01:24 . 2009-11-07 20:16 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Local\TempImages 2009-10-13 01:12 . 2009-10-13 01:12 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\AVS4YOU 2009-10-13 01:12 . 2009-10-13 01:12 -------- d-----w- c:\programdata\AVS4YOU 2009-10-13 01:10 . 2009-10-13 01:11 4096 d-----w- c:\program files\Common Files\AVSMedia 2009-10-13 01:10 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-10-13 01:10 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-10-13 01:10 . 2008-08-13 15:22 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-10-13 01:10 . 2009-10-13 01:11 4096 d-----w- c:\program files\AVS4YOU 2009-10-12 21:45 . 2009-07-21 17:00 -------- d-----w- c:\users\Public\NON COMMERCIAL USE ONLY 2009-10-12 19:31 . 2009-10-12 21:54 -------- d-----w- c:\users\Public\New Folder (2) 2009-10-11 15:46 . 2008-02-23 04:38 170496 ----a-w- c:\windows\system32\tcpipcfg.dll 2009-10-11 15:46 . 2008-02-23 02:41 22528 ----a-w- c:\windows\system32\netiougc.exe 2009-10-11 15:44 . 2009-02-16 04:10 69000 ----a-w- c:\windows\system32\zlcomm.dll 2009-10-11 15:44 . 2009-02-16 04:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll 2009-10-11 15:44 . 2009-02-16 04:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll 2009-10-11 15:43 . 2009-10-11 15:43 -------- d-----w- c:\program files\Zone Labs 2009-10-11 15:42 . 2009-10-11 15:45 8192 d-----w- c:\windows\system32\ZoneLabs 2009-10-11 15:42 . 2009-02-16 04:11 293528 ----a-w- c:\windows\system32\drivers\vsdatant.sys 2009-10-11 15:41 . 2009-10-11 15:41 -------- d-----w- c:\programdata\CheckPoint 2009-10-11 15:41 . 2009-11-07 22:45 12288 d-----w- c:\windows\Internet Logs 2009-10-10 23:27 . 2009-10-10 23:27 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\JGsoft 2009-10-10 23:27 . 2009-10-10 23:27 -------- d-----w- c:\program files\JGsoft 2009-10-10 23:27 . 2009-06-19 07:20 68232 ----a-w- c:\windows\UnDeployV.exe 2009-10-10 23:18 . 2009-10-10 23:18 -------- d-----w- c:\program files\SIL 2009-10-10 23:18 . 2009-10-10 23:18 -------- d-----w- c:\program files\Common Files\SIL 2009-10-10 23:18 . 2009-10-10 23:18 -------- d-----w- c:\programdata\SIL 2009-10-10 18:21 . 2009-10-12 19:40 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\DJJava 2009-10-10 17:56 . 2009-10-10 17:56 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\DJJava 2009-10-10 17:55 . 2009-10-10 17:56 -------- d-----w- c:\programdata\Protexis 2009-10-10 17:54 . 2009-10-10 17:54 4096 d-----w- c:\program files\decomp 2009-10-10 16:17 . 2009-10-10 16:17 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Wings3D . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-07 22:44 . 2009-03-14 01:27 720 ----a-w- c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll 2009-11-07 22:44 . 2009-10-11 15:42 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml 2009-11-07 22:42 . 2009-06-11 17:36 4096 d-----w- c:\users\Bluhm Bros\AppData\Roaming\Skype 2009-11-07 22:09 . 2009-10-04 01:37 4096 d-----w- c:\users\Bluhm Bros\AppData\Roaming\uTorrent 2009-11-07 21:44 . 2009-06-23 11:49 12288 d-----w- c:\users\Bluhm Bros\AppData\Roaming\skypePM 2009-11-07 21:32 . 2009-04-01 11:28 8268 ----a-w- c:\users\Bluhm Bros\AppData\Local\d3d9caps.dat 2009-11-07 20:16 . 2009-07-01 13:20 12288 d-----w- c:\program files\Common Files\Akamai 2009-11-07 17:56 . 2009-04-07 00:21 81448 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2009-11-07 13:12 . 2008-10-28 12:09 12 ----a-w- c:\windows\bthservsdp.dat 2009-11-06 22:00 . 2008-10-28 12:32 8192 d--h--w- c:\program files\InstallShield Installation Information 2009-11-06 21:54 . 2009-07-07 12:53 12288 d-----w- c:\program files\Warcraft III 2009-11-06 21:52 . 2009-03-07 12:57 97692 ----a-w- c:\programdata\nvModes.dat 2009-11-06 21:34 . 2009-03-06 20:31 81448 ----a-w- c:\users\Bluhm Bros\AppData\Local\GDIPFONTCACHEV1.DAT 2009-11-06 21:13 . 2008-10-28 13:42 8192 d-----w- c:\program files\Common Files\Adobe 2009-11-06 12:30 . 2009-11-06 12:32 3547648 ----a-w- c:\windows\Internet Logs\xDBDF58.tmp 2009-11-06 12:30 . 2009-11-06 12:32 1533440 ----a-w- c:\windows\Internet Logs\xDBE091.tmp 2009-11-05 08:19 . 2009-10-14 19:31 1611205 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2009-11-03 21:06 . 2008-10-28 13:43 4096 d-----w- c:\programdata\CyberLink 2009-11-03 20:42 . 2009-03-19 01:17 4096 d-----w- c:\users\Bluhm Bros\AppData\Roaming\CyberLink 2009-11-03 20:31 . 2008-10-28 13:43 4096 d-----w- c:\program files\CyberLink 2009-11-03 12:36 . 2008-10-28 13:47 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe 2009-11-03 01:42 . 2009-10-02 23:59 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-31 19:37 . 2009-04-03 01:07 -------- d-----w- c:\program files\Common Files\AOL 2009-10-31 19:09 . 2009-07-13 12:29 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-10-31 19:09 . 2009-07-06 12:24 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-10-31 19:09 . 2009-05-30 12:01 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-10-31 19:09 . 2009-07-06 12:24 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-10-31 19:09 . 2009-07-06 12:24 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-10-31 19:09 . 2009-07-06 12:24 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-10-31 19:09 . 2009-07-13 12:29 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll 2009-10-31 19:08 . 2009-07-06 12:24 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll 2009-10-31 19:08 . 2009-07-13 12:29 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-10-31 19:08 . 2009-07-06 12:22 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-10-31 19:08 . 2009-07-06 12:22 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-10-31 19:08 . 2009-09-21 12:01 640608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2009-10-31 19:08 . 2009-07-06 12:21 815760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-10-31 19:08 . 2009-07-06 12:21 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-10-31 19:08 . 2009-07-06 12:20 1638104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-10-31 19:08 . 2009-07-06 12:19 788368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-10-31 19:08 . 2009-07-06 12:19 1179232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-10-31 11:49 . 2009-10-31 12:02 1494528 ----a-w- c:\windows\Internet Logs\xDB5246.tmp 2009-10-29 07:08 . 2008-10-28 13:35 8192 d-----w- c:\programdata\Microsoft Help 2009-10-29 00:52 . 2009-09-19 00:35 8192 d-----w- c:\users\Bluhm Bros\AppData\Roaming\FrostWire 2009-10-28 07:33 . 2008-10-28 13:55 4096 d-----w- c:\program files\Microsoft Silverlight 2009-10-28 07:32 . 2009-10-28 07:34 1494016 ----a-w- c:\windows\Internet Logs\xDB6684.tmp 2009-10-28 07:12 . 2008-10-28 13:23 28672 d-----w- c:\program files\Microsoft Works 2009-10-15 07:24 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-10-14 19:05 . 2009-03-11 15:12 -------- d--ha-w- c:\programdata\Gtek 2009-10-13 01:32 . 2009-07-02 20:04 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\gtk-2.0 2009-10-11 15:47 . 2009-09-18 22:55 -------- d-----w- c:\program files\AskBarDis 2009-10-04 13:22 . 2009-10-04 13:18 4096 d-----w- c:\program files\PFConfig 2009-10-04 01:37 . 2009-10-04 01:37 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\uTorrent 2009-10-04 01:37 . 2009-10-04 01:37 -------- d-----w- c:\program files\uTorrent 2009-10-04 00:51 . 2009-09-18 22:55 8192 d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\FrostWire 2009-10-03 22:57 . 2009-10-03 22:55 -------- d-----w- c:\program files\Src 2009-09-23 14:41 . 2009-09-23 14:41 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys 2009-09-21 12:01 . 2009-09-21 12:01 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll 2009-09-21 12:01 . 2009-03-07 13:01 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys 2009-09-21 12:01 . 2009-03-07 13:01 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe 2009-09-21 12:01 . 2009-07-06 12:20 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2009-09-20 17:13 . 2009-09-20 17:13 -------- d-----w- c:\program files\Unity 2009-09-18 23:20 . 2009-09-18 23:20 0 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe 2009-09-18 22:55 . 2009-09-18 22:55 24576 d-----w- c:\program files\FrostWire 2009-09-12 20:41 . 2009-09-12 20:41 4096 d-----w- c:\program files\TVersity Codec Pack 2009-09-12 20:41 . 2009-09-12 20:41 8192 d-----w- c:\program files\ffdshow 2009-09-10 17:30 . 2009-10-14 21:24 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 15:48 . 2009-09-20 00:34 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe 2009-09-10 15:48 . 2009-09-20 00:34 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll 2009-09-10 15:48 . 2009-09-20 00:34 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL 2009-08-28 12:39 . 2009-09-02 20:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-02 20:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-27 13:32 . 2009-10-14 21:24 833024 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 13:29 . 2009-10-14 21:24 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-27 10:58 . 2009-10-14 21:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-14 17:01 . 2009-09-09 20:53 900168 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 17:01 . 2009-09-09 20:53 220232 ----a-w- c:\windows\system32\drivers\netio.sys 2009-08-14 17:01 . 2009-09-09 20:53 98376 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2009-08-14 16:34 . 2009-08-14 16:34 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll 2009-08-14 16:34 . 2009-08-14 16:34 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll 2009-08-14 16:34 . 2009-08-14 16:34 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll 2009-08-14 16:34 . 2009-08-14 16:34 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll 2009-08-14 16:34 . 2009-08-14 16:34 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll 2009-08-14 16:34 . 2009-08-14 16:34 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe 2009-08-14 16:29 . 2009-09-09 20:53 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 16:29 . 2009-09-09 20:53 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 16:23 . 2009-09-09 20:53 438272 ----a-w- c:\windows\system32\IKEEXT.DLL 2009-08-14 16:22 . 2009-09-09 20:53 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2009-08-14 16:21 . 2009-09-09 20:53 328704 ----a-w- c:\windows\system32\BFE.DLL 2009-08-14 14:16 . 2009-09-09 20:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-09 20:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:16 . 2009-09-09 20:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:16 . 2009-09-09 20:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:16 . 2009-09-09 20:53 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:16 . 2009-09-09 20:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-09 20:53 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-12 12:15 . 2009-08-12 12:15 17 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\godzHell\jag2png.bat 2009-08-12 00:51 . 2009-09-20 00:34 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_RegistrationRecovery.exe 2009-08-11 19:11 . 2009-08-11 15:45 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-08-11 19:10 . 2009-08-11 15:45 189640 ----a-w- c:\windows\system32\PnkBstrB.exe 2008-10-28 12:53 . 2008-10-28 12:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-09-09 02:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-04 289072] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-31 788368] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 dfg;dfg;c:\windows\system32\DRIVERS\dfg.sys [2009-01-31 23552] R4 LMIRfsClientNP;LMIRfsClientNP; [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568] S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S2 VisualSVNServer;VisualSVN Server;c:\program files\VisualSVN Server\bin\VisualSVNServer.exe [2009-03-23 23840] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040] --- Other Services/Drivers In Memory --- NewlyCreated - MBR Deregistered - mbr [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ Akamai REG_MULTI_SZ Akamai [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-11-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:08] 2009-08-26 c:\windows\Tasks\HPCeeScheduleForAdministrator.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34] 2009-11-03 c:\windows\Tasks\HPCeeScheduleForBluhm Bros.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.crazickforums.com/index.php?sid=bf9eed5b80f5ab2587d5c925f0493b81 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = .local IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011WCUS IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKCU-Run-AdobeBridge - (no file) HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe SafeBoot-Wdf01000.sys AddRemove-Auto Clicker Typer_is1 - c:\program files\Auto Clicker Typer\unins000.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe AddRemove-DesktopActivityRecorder - c:\program files\Desktop Activity Recorder\Uninst.exe AddRemove-freevideomaster Toolbar - c:\progra~1\FREEVI~1\UNWISE.EXE AddRemove-GamersFirst LIVE! - c:\program files\GamersFirst\LIVE!\uninstall.exe AddRemove-Greenfoot_is1 - c:\greenfoot\uninst\unins000.exe AddRemove-No-IP.com DUC - c:\program files\No-IP\DUC20.exe AddRemove-SCAR Divi 3.15b_is1 - c:\program files\SCAR 3.15\21\unins000.exe AddRemove-Subversion_is1 - c:\program files\Subversion\unins000.exe AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins000.exe AddRemove-{C288E530-1286-4751-A49D-E6A0159C95C0}_is1 - c:\program files\RS2 Server Suite\unins000.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 17:45 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x877FEE07]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x85d691f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-959817231-1204997069-661096803-1000\Software\SecuROM\License information] "datasecu"=hex:aa,6e,6b,3d,5f,0d,13,74,b4,88,41,5d,ab,00,ff,c7,ce,e1,9d,d3,8e, c5,95,92,ce,0b,98,1c,f8,7b,3c,8e,cf,09,34,33,65,d6,b4,8c,69,98,57,e9,d3,d2,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(2500) c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\Palm\Hotsync.exe c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************* . Completion time: 2009-11-07 18:00 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-07 23:00 Pre-Run: 197,971,652,608 bytes free Post-Run: 197,616,111,616 bytes free - - End Of File - - ED12182D97101F9C1FD3A3639CF66F86

Essexboy View Member Profile	Nov 8 2009, 05:12 AM Post #44
GeekU Moderator Posts: 19,158 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Looking much better - still a few to remove - how is it running now ? Please download MBR.exe and save it to C:\ Click on Start button. Click Programs > Accessories (or Programs > Accessories) Click on Command Prompt. In the Command box type c:\mbr -t It will create a file c:\mbr.log; please paste the contents of that file in your reply THEN 1. Please open Notepad Click Start , then Run Type notepad .exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: CODE File:: c:\windows\win32k.sys 3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES 4. Save the above as CFScript.txt 5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt A new OTListit log. FINALLY FOR NOW Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Logs : MBR, COMBOFIX and OTL

onkaloonka View Member Profile	Nov 8 2009, 06:03 AM Post #45
Member Posts: 57 From: USA :) OS: Vista home premium	Alrite I will, Its running much smoother, except I keep gettign redirection on google :/ Edit: When I ran mbr using the command prompt, It did not create a .txt file This post has been edited by onkaloonka: Nov 8 2009, 06:09 AM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

7 Pages

< 1 2 3 4 5 > »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal SUSPECTED MALWARE ON MY COMPUTER - PLEASE HELP	0 / 219	7th November 2005 - 08:49 AM lmr4angels started - last by lmr4angels
Virus, Spyware and Trojan Removal Malware on My Computer Please Help [CLOSED]	8 / 1,230	22nd November 2005 - 08:14 AM whokiid started - last by Rawe
Virus, Spyware and Trojan Removal malware on my computer HELP! [RESOLVED]	8 / 552	1st June 2006 - 06:58 AM tcdor started - last by therock247uk
Virus, Spyware and Trojan Removal Malware on my computer Please help me.	0 / 391	11th March 2008 - 02:10 AM Toohottohandle started - last by Toohottohandle