Just removed "RelevantKnowledge" [Solved]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Just removed "RelevantKnowledge" [Solved] how did i go?

#1 Phillip...

Group: Member
Posts: 40
Joined: 22-December 08

Posted 13 February 2009 - 11:01 PM

After noticing I was infected with "RelevantKnowledge", I did a spybot scan and remove, removed junk and registry from ccleaner, and tried some other scans with no results after the spybot removal. am i still infected/have i properly removed it?
here's a hjt log....
P.S I have this folder in my user folder now: "{f5b05c85-d446-44eb-9004-b7a22e4c5ebb}" with rdpdisp file (security catalog file), rdpdisp (setup information), rdpdisp.dll and rdpdisp.sys in it. what is this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:06 PM, on 14/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: PingFMDesktop.lnk = D:\Setup Files\Internet - Communication\PingFMDesktop\PingFMDesktop.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7765 bytes

#2 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 20 February 2009 - 10:25 PM

Hello, Phillip..., and welcome to GeeksToGo! Sorry for the delay in reply, the forums have been busy.

Download OTListIt2 to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

The log for OTListIt2 will be very long and may not fit in one post, since there is a character limit on posts. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply.

#3 Phillip...

Group: Member
Posts: 40
Joined: 22-December 08

Posted 20 February 2009 - 11:46 PM

otlist.txt:

OTListIt logfile created on: 21/02/2009 4:41:56 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = D:\Documents & Data\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.04% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 160.39 Gb Free Space | 80.19% Space Free | Partition Type: NTFS
Drive D: | 396.18 Gb Total Space | 123.93 Gb Free Space | 31.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHILL-PC
Current User Name: Phill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Switcher\Switcher.exe (Bao_Nguyen)
PRC - C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
PRC - D:\Documents & Data\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon [Auto | Running]) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CscService [Auto | Running]) -- C:\Windows\sysnative\cscsvc.dll ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Fax [Disabled | Stopped]) -- C:\Windows\sysnative\fxssvc.exe ()
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PcaSvc [Auto | Running]) -- C:\Windows\sysnative\pcasvc.dll ()
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\sysnative\umrdp.dll ()
SRV - (wbengine [On_Demand | Stopped]) -- C:\Windows\sysnative\wbengine.exe ()
SRV - (wlcrasvc [Auto | Running]) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (3xHybr64 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\3xHybr64.sys ()
DRV - (AvgLdx64 [System | Running]) -- C:\Windows\sysnative\Drivers\avgldx64.sys ()
DRV - (AvgMfx64 [System | Running]) -- C:\Windows\sysnative\Drivers\avgmfx64.sys ()
DRV - (AvgTdiA [System | Running]) -- C:\Windows\sysnative\Drivers\avgtdia.sys ()
DRV - (CSC [System | Running]) -- C:\Windows\sysnative\drivers\csc.sys ()
DRV - (fvevol [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\fvevol.sys ()
DRV - (gdrv [On_Demand | Stopped]) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\GEARAspiWDM.sys ()
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\HdAudio.sys ()
DRV - (NVHDA [On_Demand | Running]) -- C:\Windows\sysnative\drivers\nvhda64v.sys ()
DRV - (RTL8023x64 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\Rtnic64.sys ()
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\wpdusb.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = Reg Error: Invalid data type.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (292080 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10058 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" (johnsadventures.com)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet (Bao_Nguyen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Users\Phill\AppData\Local\*.tmp files]
[2009/02/21 16:39:47 | 00,494,080 | ---- | C] (OldTimer Tools) -- D:\Documents & Data\Desktop\OTListIt2.exe
[2009/02/20 18:58:12 | 00,001,645 | ---- | C] () -- D:\Documents & Data\Desktop\SUPER.spf
[2009/02/20 13:03:08 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/20 13:02:58 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/20 13:02:49 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/20 13:02:44 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/20 13:02:40 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/20 13:02:12 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\IXP04CBE.tmp
[2009/02/20 12:55:24 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\dotnetfx3530729.01
[2009/02/19 22:37:35 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/02/19 22:37:35 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/02/19 22:37:34 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/02/19 22:37:34 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/02/19 22:37:34 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/02/19 22:37:34 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/02/19 22:37:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/19 22:37:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/02/19 22:37:33 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/02/19 22:37:33 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/02/19 22:37:33 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/02/19 22:37:32 | 00,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/02/19 22:37:32 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/02/19 22:37:32 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/02/19 22:37:32 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/02/19 22:37:32 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/02/19 22:37:32 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/02/19 22:37:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/02/19 22:37:31 | 01,639,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/19 22:37:31 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/19 22:37:31 | 00,593,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/19 22:37:31 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/02/19 22:37:30 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/02/19 22:37:30 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/02/19 22:37:30 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/02/19 22:37:30 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/02/19 22:37:30 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/02/19 22:37:30 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/02/19 22:37:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/02/19 22:37:30 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/02/19 22:37:30 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/02/19 22:37:29 | 00,911,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/19 22:37:29 | 00,724,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/02/19 22:37:29 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/02/19 22:37:29 | 00,392,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/02/19 22:37:29 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/02/19 22:37:29 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/02/19 22:37:29 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/02/19 22:37:28 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/02/19 22:37:28 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/02/19 22:37:27 | 03,698,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/02/19 22:37:27 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/19 22:37:27 | 00,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/02/19 22:37:27 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/02/19 22:37:27 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/02/19 22:37:27 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/02/19 22:37:27 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/02/19 22:37:27 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/02/19 22:37:27 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/02/19 22:37:27 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/02/19 22:37:27 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/02/19 22:37:26 | 01,467,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/02/19 22:37:26 | 01,182,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/19 22:37:25 | 10,963,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/19 22:37:24 | 05,888,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/19 21:23:33 | 00,000,000 | ---D | C] -- D:\Documents & Data\Documents\Ulead VideoStudio
[2009/02/19 21:19:25 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\dvdcss
[2009/02/19 21:09:21 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/02/19 21:08:48 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Orbit
[2009/02/19 21:08:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2009/02/18 22:20:38 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\NBC Direct
[2009/02/18 22:20:36 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\IDM
[2009/02/18 22:20:32 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\PMB Files
[2009/02/18 22:20:31 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/02/18 22:20:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2009/02/18 22:20:29 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Downloaded Installations
[2009/02/18 22:20:27 | 00,000,000 | ---D | C] -- C:\ProgramData\NBC Direct
[2009/02/18 22:20:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NBC Direct
[2009/02/18 22:20:26 | 00,000,000 | -H-D | C] -- C:\Users\Phill\AppData\Local\{18FA3A4F-75BB-4F0E-B631-C9C47B7BD948}
[2009/02/15 23:31:10 | 03,773,728 | -H-- | C] () -- C:\Users\Phill\AppData\Local\IconCache.db
[2009/02/15 15:00:45 | 00,000,000 | ---D | C] -- C:\ProgramData\FreeRIP
[2009/02/15 15:00:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FreeRIP3
[2009/02/15 13:30:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2009/02/15 13:29:53 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/02/15 13:26:56 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2009/02/15 13:26:56 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2009/02/15 10:59:16 | 00,001,037 | ---- | C] () -- C:\Users\Phill\AppData\Local\Account.atomsvc
[2009/02/15 01:17:25 | 00,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2009/02/15 01:17:22 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2009/02/15 01:17:22 | 00,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2009/02/15 01:17:21 | 00,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2009/02/15 01:17:20 | 00,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2009/02/15 01:17:19 | 00,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2009/02/15 01:17:12 | 00,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2009/02/15 01:17:12 | 00,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2009/02/15 01:17:12 | 00,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2009/02/15 01:17:12 | 00,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2009/02/15 01:17:12 | 00,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2009/02/15 01:17:12 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2009/02/15 01:17:12 | 00,054,784 | RHS- | C] (RadLight) -- C:\Windows\System32\RLAPEDec.ax
[2009/02/15 01:17:12 | 00,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2009/02/15 01:17:12 | 00,037,888 | RHS- | C] (RadLight) -- C:\Windows\System32\RLMPCDec.ax
[2009/02/15 01:17:12 | 00,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2009/02/15 01:17:12 | 00,027,648 | -HS- | C] () -- C:\Windows\System32\Smab0.dll
[2009/02/15 01:17:11 | 00,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2009/02/15 01:17:11 | 00,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2009/02/15 01:17:11 | 00,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2009/02/15 01:17:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2009/02/15 00:12:28 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/02/15 00:12:01 | 05,426,688 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe
[2009/02/15 00:12:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2009/02/14 23:42:59 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/02/14 23:41:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/02/14 21:05:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2009/02/14 20:28:21 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/02/14 20:27:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Replay AV 8
[2009/02/14 20:11:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Apowersoft
[2009/02/14 20:07:48 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Moyea
[2009/02/14 19:46:07 | 00,000,000 | ---D | C] -- D:\Documents & Data\Documents\Camtasia Studio
[2009/02/14 19:46:03 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\TechSmith
[2009/02/14 19:45:31 | 00,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2009/02/14 19:45:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2009/02/14 19:45:14 | 00,102,400 | ---- | C] (TechSmith Corporation) -- C:\Windows\System32\tsccvid.dll
[2009/02/14 19:44:59 | 00,045,056 | ---- | C] (TechSmith Corporation) -- C:\Windows\System32\CSvidcap.dll
[2009/02/14 19:44:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2009/02/14 19:28:35 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\GPass
[2009/02/14 16:00:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/02/14 14:16:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ToniArts
[2009/02/14 14:10:30 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/14 14:10:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/02/14 14:10:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/02/14 13:09:55 | 00,000,000 | ---D | C] -- D:\Documents & Data\Documents\Downloads
[2009/02/14 12:58:10 | 00,033,792 | ---- | C] () -- D:\Documents & Data\Documents\dutch festival.doc
[2009/02/14 12:32:58 | 00,000,000 | ---D | C] -- D:\Documents & Data\Documents\SimCity 4
[2009/02/14 11:44:41 | 00,000,000 | ---D | C] -- D:\Documents & Data\Documents\My Chat Logs
[2009/02/14 11:41:50 | 00,190,684 | ---- | C] () -- D:\Documents & Data\Documents\winfast channel list.chl
[2009/02/14 11:38:30 | 03,014,156 | ---- | C] () -- D:\Documents & Data\Documents\Robert.rar
[2009/02/13 22:44:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BadgerIT
[2009/02/13 21:36:42 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Ulead Systems
[2009/02/13 21:32:48 | 00,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/12 22:15:33 | 00,000,000 | ---D | C] -- C:\temp
[2009/02/12 22:15:27 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Free Audio Editor
[2009/02/12 22:15:09 | 00,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2009/02/12 22:15:09 | 00,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTTextToAudio2.dll
[2009/02/12 22:15:09 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2009/02/12 22:15:09 | 00,113,486 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2009/02/12 22:15:08 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2009/02/12 22:15:08 | 01,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2009/02/12 22:15:08 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2009/02/12 22:15:08 | 00,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2009/02/12 22:15:08 | 00,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2009/02/12 22:15:08 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2009/02/12 22:15:08 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2009/02/12 15:36:02 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/02/12 15:36:02 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/02/12 15:36:01 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/02/12 15:36:01 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/02/12 15:36:01 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/02/11 22:28:53 | 00,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2009/02/11 21:43:51 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Apps
[2009/02/11 19:07:23 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009/02/11 18:42:33 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Installer2852
[2009/02/11 18:35:10 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Installer3140
[2009/02/10 22:58:25 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Flock
[2009/02/10 22:58:25 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Flock
[2009/02/10 22:58:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Flock
[2009/02/10 21:39:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinUAE
[2009/02/10 19:01:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2009/02/10 17:29:39 | 00,208,896 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\esint7e.dll
[2009/02/09 22:29:11 | 00,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/02/09 22:25:43 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\ArcSoft
[2009/02/09 22:24:56 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Ahead
[2009/02/09 22:20:46 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Ahead
[2009/02/09 22:19:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2009/02/09 22:19:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2009/02/09 22:19:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2009/02/09 22:17:30 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/02/09 22:17:30 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/02/09 22:08:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2009/02/09 22:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/02/09 21:46:08 | 00,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303865614-1436376011-3695403134-1000.job
[2009/02/09 21:08:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2009/02/09 21:08:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/02/09 21:08:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2009/02/09 21:08:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/02/09 21:05:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/02/09 21:05:09 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Microsoft Help
[2009/02/09 21:05:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/02/09 21:05:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2009/02/09 19:31:05 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/02/09 15:48:13 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Auslogics
[2009/02/09 15:30:13 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Adobe
[2009/02/09 11:56:37 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009/02/09 11:50:11 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/02/09 11:48:24 | 00,000,000 | ---D | C] -- C:\Windows\CSC
[2009/02/09 11:43:56 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/02/09 11:43:05 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/02/09 11:33:33 | 00,000,000 | -H-D | C] -- C:\Windows.old
[2009/02/09 08:26:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Control Panels
[2009/02/09 08:24:38 | 00,000,000 | ---D | C] -- C:\ProgramData\ALM
[2009/02/09 08:21:43 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/02/09 08:21:43 | 00,190,696 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\NPSWF32_FlashUtil.exe
[2009/02/09 08:18:50 | 00,000,000 | ---D | C] -- C:\Windows\System32\spool
[2009/02/09 08:16:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2009/02/08 23:15:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2009/02/08 22:55:29 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/08 22:55:28 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Thunderbird
[2009/02/08 22:55:28 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Thunderbird
[2009/02/08 22:48:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2009/02/08 22:39:46 | 00,000,002 | ---- | C] () -- C:\Windows\System32\Dvbpws.dll
[2009/02/08 22:25:50 | 00,000,006 | -HS- | C] () -- C:\Users\Phill\AppData\Roaming\desktop.ini
[2009/02/08 22:25:50 | 00,000,006 | -HS- | C] () -- C:\Users\Phill\AppData\Local\desktop.ini
[2009/02/08 22:25:07 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\ArcSoft
[2009/02/08 22:24:19 | 00,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2009/02/08 22:24:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2009/02/08 22:21:49 | 00,000,000 | ---D | C] -- C:\Windows\System32\WinFast
[2009/02/08 22:21:25 | 00,000,000 | ---D | C] -- C:\Windows\WinFast
[2009/02/08 22:05:25 | 00,000,000 | ---- | C] () -- C:\Windows\System32\tviresource.val
[2009/02/08 22:05:00 | 00,000,000 | ---D | C] -- C:\Windows\TweakVI
[2009/02/08 22:05:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TweakVI
[2009/02/08 22:00:37 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/02/08 22:00:36 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2009/02/08 22:00:36 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2009/02/08 22:00:36 | 00,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2009/02/08 22:00:35 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/02/08 22:00:35 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/08 22:00:35 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/08 22:00:35 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2009/02/08 22:00:35 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2009/02/08 22:00:34 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2009/02/08 22:00:34 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/08 22:00:34 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/02/08 22:00:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2009/02/08 21:43:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename
[2009/02/08 21:42:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes Library Updater
[2009/02/08 21:40:37 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\johnsadventures.com
[2009/02/08 21:40:07 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\johnsadventures.com
[2009/02/08 21:40:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\johnsadventures.com
[2009/02/08 21:34:26 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\vlc
[2009/02/08 21:31:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2009/02/08 21:31:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2009/02/08 21:26:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2009/02/08 21:26:24 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Real
[2009/02/08 21:25:46 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/02/08 21:24:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2009/02/08 21:23:04 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\KeePass
[2009/02/08 21:22:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe
[2009/02/08 21:21:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2009/02/08 21:18:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2009/02/08 21:16:23 | 00,111,480 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/02/08 21:16:00 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Paint.NET
[2009/02/08 21:15:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger Plus! Live
[2009/02/08 21:10:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009/02/08 21:10:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\IOSUBSYS
[2009/02/08 21:10:39 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Google
[2009/02/08 21:10:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2009/02/08 21:07:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Desktop Restore
[2009/02/08 21:07:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2009/02/08 21:07:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/02/08 21:07:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2009/02/08 21:07:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009/02/08 21:02:12 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\WinRAR
[2009/02/08 21:01:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2009/02/08 20:59:46 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2009/02/08 20:59:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2009/02/08 20:55:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InterVideo
[2009/02/08 20:55:13 | 00,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2009/02/08 20:55:12 | 00,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/02/08 20:55:12 | 00,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/02/08 20:55:12 | 00,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/02/08 20:55:12 | 00,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/02/08 20:55:12 | 00,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/02/08 20:55:12 | 00,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/02/08 20:54:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2009/02/08 20:53:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2009/02/08 20:53:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2009/02/08 20:52:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems
[2009/02/08 20:46:24 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Apple Computer
[2009/02/08 20:46:24 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Apple Computer
[2009/02/08 20:46:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009/02/08 20:46:06 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/08 20:46:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/02/08 20:45:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2009/02/08 20:45:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/02/08 20:45:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/02/08 20:45:29 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Apple
[2009/02/08 20:45:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2009/02/08 20:45:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/02/08 20:45:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2009/02/08 20:42:12 | 00,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2009/02/08 20:42:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2009/02/08 20:41:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AudioConverter Studio
[2009/02/08 20:38:38 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Winamp
[2009/02/08 20:38:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2009/02/08 20:37:20 | 00,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2009/02/08 20:37:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2009/02/08 20:37:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/02/08 20:36:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2009/02/08 20:35:51 | 00,000,901 | ---- | C] () -- C:\Users\Phill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PingFMDesktop.lnk
[2009/02/08 19:15:32 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Macromedia
[2009/02/08 19:15:32 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Adobe
[2009/02/08 19:01:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/02/08 18:47:03 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Local\Bao_Nguyen
[2009/02/08 18:47:02 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\Bao_Nguyen
[2009/02/08 18:25:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/02/08 18:25:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/02/08 18:24:44 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/02/08 18:24:28 | 01,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2009/02/08 18:24:28 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2009/02/08 18:24:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/02/08 18:23:39 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/02/08 18:23:34 | 00,000,000 | ---D | C] -- C:\Users\Phill\AppData\Roaming\SUPERAntiSpyware.com
[2009/02/08 18:23:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/02/08 18:23:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/02/08 18:23:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\filehippo.com
[2009/02/08 18:20:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/02/08 18:20:31 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/02/08 18:20:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2009/02/08 18:20:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2009/02/08 18:20:00 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/02/08 18:15:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/02/08 18:15:14 | 00,095,744 | ---- | C] () -- C:\Users\Phill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/08 18:14:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Switcher
[2009/02/08 18:10:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\avg
[2009/02/08 18:08:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2009/02/08 18:05:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/02/08 17:55:49 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/08 17:55:49 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/02/08 17:55:49 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/02/08 17:55:49 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/02/08 17:55:49 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/08 17:55:49 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/02/08 17:55:48 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/02/08 17:55:48 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/02/08 17:55:48 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll

#4 Phillip...

Group: Member
Posts: 40
Joined: 22-December 08

Posted 20 February 2009 - 11:54 PM

Didn't get a "Extras.Txt."

#5 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 21 February 2009 - 05:14 AM

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#6 Phillip...

Group: Member
Posts: 40
Joined: 22-December 08

Posted 21 February 2009 - 06:44 AM

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Media Encoder 2.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Software Update
AudioConverter Studio 5.5
AusLogics Disk Defrag
AVG Free 8.0
Camtasia Studio 3
CCleaner (remove only)
Choice Guard
DVD Shrink 3.2
EasyCleaner
filehippo.com Update Checker
FileZilla Client 3.0.9.2
Flock (2.0.3)
FreeRIP v3.091
HijackThis 2.0.2
InterVideo DeviceService
IrfanView (remove only)
iTunes Library Updater
John's Background Switcher 3.6
Junk Mail filter update
KeePass Password Safe 1.14
K-Lite Codec Pack 4.5.3 (Full)
Live Mesh
Messenger Plus! Live
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.6)
Mozilla Thunderbird (2.0.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
Nero 7 Premium
neroxml
Orbit Downloader
Pando Media Booster
PDF Settings
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Replay AV 8
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Outlook 2007 (KB946983)
Skype™ 4.0
Spybot - Search & Destroy
SpywareBlaster 4.1
SUPER © Version 2008.bld.30 (Mar 22, 2008)
SUPERAntiSpyware Free Edition
Switcher 2.0.0
Total Video Converter 3.11 070908
TweakVI
Ulead VideoStudio 11
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 0.9.6
VOB2MPG 2.5
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinFast Codec-TS SDK
WinFast De-interlace SDK
WinFast DTV1000 S Driver
WinFast PVR2
WinFast TT-SB SDK
WinRAR archiver
WinUAE 1.5.3

#7 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 21 February 2009 - 11:58 AM

You are looking pretty clean from what I can see. Do an update with AVG8 and do a scan. Does it come up clean?

#8 Phillip...

Group: Member
Posts: 40
Joined: 22-December 08

Posted 22 February 2009 - 12:54 AM

yep, comes up clean!! thank you :-)

#9 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 23 February 2009 - 12:07 PM

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set.

Make sure you have an Internet Connection.
Download OTCleanIt to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard gives you realtime protection from spyware.
Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

#10 Phillip...

Group: Member
Posts: 40
Joined: 22-December 08

Posted 25 February 2009 - 05:06 AM

i think i'm alright now! did a scan with Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.34
Database version: 1798
Windows 6.0.6001 Service Pack 1

24/02/2009 5:31:12 PM
mbam-log-2009-02-24 (17-31-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 345247
Time elapsed: 51 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 25 February 2009 - 11:01 AM

You're just want to have Malwarebytes' fix that entry (rather than take no action). Other than that, you are all set.

#12 Phillip...

Group: Member
Posts: 40
Joined: 22-December 08

Posted 26 February 2009 - 02:06 AM

great - looks clean now.

thank you!!

handhfan, on Feb 25 2009, 12:01 PM, said:

You're just want to have Malwarebytes' fix that entry (rather than take no action). Other than that, you are all set.

#13 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 26 February 2009 - 12:17 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

Just removed "RelevantKnowledge" [Solved] - Geeks to Go Forums