
Random blank pages after google searches.



#1
JustUniqu3

Hey guys, basically whenever I go to Google and do a search, it works just as I expect it to, but if I then close that tab in Firefox, it brings up another tab which loads a blank page, but in the URL it has the same search criteria as what I searched for in Google.

Ok, so, let's get these logs up for you.
(The stars represent the start of the log block.)
*****

OTL.Txt --:
OTL logfile created on: 23/06/2010 11:37:41 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Dale\Desktop\NO MALWARE
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 28.94 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
Drive D: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 149.05 Gb Total Space | 124.26 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 102.97 Gb Free Space | 69.08% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DALE-PC
Current User Name: Dale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/23 10:31:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\NO MALWARE\OTL.exe
PRC - [2010/06/15 17:13:58 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/05 22:29:40 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/12/17 17:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/09/21 23:45:40 | 001,273,856 | ---- | M] (Don HO [email protected]) -- E:\NPP\notepad++.exe
PRC - [2009/09/10 15:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/08/14 03:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/14 03:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/13 19:02:34 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009/08/13 18:59:22 | 003,161,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009/08/13 18:37:56 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009/08/07 13:55:03 | 000,535,552 | ---- | M] (TeamSpeak Systems) -- C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
PRC - [2009/06/27 19:23:11 | 000,288,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009/06/27 19:23:11 | 000,124,536 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/06/25 22:04:37 | 007,547,424 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/06/20 12:27:54 | 000,615,176 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 08:33:40 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
PRC - [2007/10/16 11:08:08 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2007/10/16 11:07:38 | 002,711,552 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2007/08/30 19:13:06 | 000,319,488 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2007/08/27 13:52:28 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbfcoms.exe


========== Modules (SafeList) ==========

MOD - [2010/06/23 10:31:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\NO MALWARE\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/12/17 17:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/10/31 12:40:24 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/19 19:46:00 | 003,474,384 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/08/14 03:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/31 22:59:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/27 19:23:11 | 000,288,368 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/16 11:08:08 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007/10/16 11:07:38 | 002,711,552 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbfcoms.exe -- (lxbf_device)
SRV - [2007/01/25 18:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/16 04:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/10 15:54:18 | 000,095,568 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/11/10 15:53:54 | 000,032,016 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009/11/04 20:01:16 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/11/04 20:01:16 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/16 15:25:07 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/08/16 15:25:05 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/08/14 05:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 07:45:00 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/14 16:35:30 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/06/27 13:08:09 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/25 22:04:38 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/28 00:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/10/17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/17 18:40:20 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/07/17 18:40:14 | 000,034,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/06/25 02:19:10 | 000,325,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/06/25 02:18:52 | 000,132,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/06/25 02:18:46 | 000,278,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/05/11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/01/25 18:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2006/12/31 15:38:18 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/01/19 12:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928)
DRV - [2005/01/19 12:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 22:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 20:40:54 | 000,000,000 | ---D | M]

[2009/10/06 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions
[2009/07/30 17:56:39 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/23 10:39:13 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions
[2009/10/06 22:50:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/08 19:16:35 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/11/01 13:05:20 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/02/09 23:01:43 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/03/19 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\[email protected]
[2009/10/06 22:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/31 10:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2009/07/03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/03/12 22:58:05 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 22:58:05 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 22:58:05 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 22:58:05 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/25 15:25:32 | 000,000,895 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 84.246.123.71 l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioReg] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm ()
O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: FreshDownload - {15697B7E-3594-4C7B-90E5-52FA0174C3BB} - C:\Program Files\FreshDevices\FreshDownload\fd.exe File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamesp...nch/alaunch.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dale\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dale\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 16:25:37 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 16:22:36 | 000,595,499 | ---- | M] () - C:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2005/08/01 16:44:27 | 000,000,225 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/09/16 20:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/05/26 20:54:55 | 000,002,146 | ---- | M] () - E:\autorestart.smx -- [ NTFS ]
O33 - MountPoints2\{305506df-64f0-11de-bd6c-001c25349b08}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- [2005/09/16 20:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\directx\command - "" = D:\directx9\DXSETUP.exe -- [2005/05/26 23:34:41 | 000,482,000 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\setup\command - "" = D:\setup.exe -- [2005/09/19 23:04:52 | 000,253,952 | R--- | M] (Microsoft Game Studios )
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\automenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/04 21:14:37 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Labtec Inc.)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/23 10:16:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/23 10:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/23 10:03:16 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\NO MALWARE
[2010/06/14 20:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/13 01:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/06/05 03:46:44 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\profiles
[2010/06/04 18:14:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\MTA-Lua
[2010/06/04 12:42:03 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\InfraRecorder
[2010/06/04 11:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010/06/02 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\profiles
[2010/05/31 15:28:03 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\LogMeIn Hamachi
[2010/05/31 15:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/05/30 16:25:37 | 000,000,000 | ---D | C] -- C:\Autoruns
[2010/05/27 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\Vitalwerks
[2010/05/27 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/05/27 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\HACKS
[2010/05/26 14:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\TS Admin-Client 2
[2010/05/25 16:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010/05/24 17:56:30 | 000,000,000 | ---D | C] -- C:\Users\Dale\.sshterm
[2010/05/24 17:56:30 | 000,000,000 | ---D | C] -- C:\Users\Dale\.ssh
[2010/05/24 00:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Schmads Inc
[2010/05/18 20:42:29 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\BYOND
[2010/05/18 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\BYOND
[2010/04/26 23:42:55 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\OpenOffice.org
[2010/04/26 23:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/20 08:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLifeViewer2
[2010/04/14 23:42:32 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/03/29 16:20:32 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2010/03/29 09:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2010/03/28 11:54:19 | 000,000,000 | ---D | C] -- C:\Users\Dale\Perl
[2010/03/28 01:38:13 | 000,000,000 | ---D | C] -- C:\strawberry
[2010/03/27 15:38:41 | 000,000,000 | ---D | C] -- C:\MinGW
[2010/03/27 14:58:46 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\ActiveState
[2010/03/25 20:03:17 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Malwarebytes
[2010/03/25 20:03:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/25 20:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/25 20:03:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/25 20:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/21 22:13:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2009/07/31 19:44:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
[2009/07/31 19:44:14 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll
[2009/07/31 19:44:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll
[2009/07/31 19:44:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll
[2009/07/31 19:44:14 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll
[2009/07/31 19:44:13 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll
[2009/07/31 19:44:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll
[2009/07/31 19:44:13 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll
[2009/07/31 19:44:13 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll
[2009/07/31 19:44:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll
[2009/07/31 19:44:13 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll
[2009/07/31 19:44:13 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/23 11:40:41 | 008,388,608 | -HS- | M] () -- C:\Users\Dale\ntuser.dat
[2010/06/23 11:19:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/23 11:18:45 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9FBFB0A4-B2C3-4DE6-A4C4-C5C98FC53CDA}.job
[2010/06/23 11:16:19 | 000,003,775 | ---- | M] () -- C:\Users\Dale\Desktop\archetype.xml
[2010/06/23 10:34:27 | 000,729,668 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/23 10:34:27 | 000,631,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/23 10:34:27 | 000,111,974 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/23 10:30:35 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/06/23 10:28:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/23 10:27:54 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 10:27:54 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 10:27:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/23 10:27:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/23 10:27:26 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 10:25:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/23 10:25:25 | 000,524,288 | -HS- | M] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 10:25:25 | 000,065,536 | -HS- | M] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TM.blf
[2010/06/23 10:25:22 | 002,503,153 | -H-- | M] () -- C:\Users\Dale\AppData\Local\IconCache.db
[2010/06/23 10:25:09 | 000,000,857 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/06/22 23:05:18 | 000,075,809 | ---- | M] () -- C:\Users\Dale\Desktop\nsgbannerad.jpg
[2010/06/22 23:04:58 | 000,559,893 | ---- | M] () -- C:\Users\Dale\Desktop\nsgbanner.psd
[2010/06/22 17:10:51 | 000,000,600 | ---- | M] () -- C:\Users\Dale\AppData\Local\PUTTY.RND
[2010/06/22 14:25:36 | 000,100,115 | ---- | M] () -- C:\Users\Dale\Desktop\SlavehackNCPsoftwarelist.html
[2010/06/21 16:07:31 | 000,000,218 | ---- | M] () -- C:\Windows\scrantic.ini
[2010/06/21 01:25:01 | 000,009,138 | ---- | M] () -- C:\Users\Dale\Desktop\commands.xml
[2010/06/19 17:46:43 | 000,001,874 | ---- | M] () -- C:\Users\Dale\Desktop\MTA San Andreas.lnk
[2010/06/19 13:16:02 | 000,000,032 | ---- | M] () -- C:\Windows\Gunzlauncher.INI
[2010/06/19 13:03:56 | 000,000,613 | ---- | M] () -- C:\Users\Dale\Desktop\Launch Trinity.lnk
[2010/06/14 20:39:48 | 000,138,056 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/14 20:39:48 | 000,138,056 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\PnkBstrK.sys
[2010/06/14 00:11:52 | 000,000,406 | ---- | M] () -- C:\Users\Dale\Desktop\settings.Conf
[2010/06/13 13:36:15 | 000,001,774 | -H-- | M] () -- C:\Users\Dale\Documents\Default.rdp
[2010/06/10 12:04:09 | 002,210,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 23:20:01 | 000,013,807 | ---- | M] () -- C:\Users\Dale\Desktop\nsg.png
[2010/06/09 23:19:11 | 000,034,304 | ---- | M] () -- C:\Users\Dale\Documents\Blank.doc
[2010/06/07 02:17:58 | 000,524,288 | -HS- | M] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000002.regtrans-ms
[2010/06/07 02:00:20 | 000,524,288 | -HS- | M] () -- C:\Users\Dale\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/07 02:00:20 | 000,065,536 | -HS- | M] () -- C:\Users\Dale\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/04 12:15:11 | 733,419,520 | ---- | M] () -- C:\Users\Dale\Desktop\ubuntu-10.04-desktop-i386.iso
[2010/06/04 11:51:58 | 000,000,921 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/04 11:51:58 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2010/06/02 17:02:56 | 000,000,419 | ---- | M] () -- C:\Windows\System32\settings.Conf
[2010/06/01 15:02:24 | 002,419,568 | ---- | M] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/05/31 15:27:08 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/05/30 16:22:36 | 000,595,499 | ---- | M] () -- C:\Autoruns.zip
[2010/05/28 19:22:17 | 000,002,930 | ---- | M] () -- C:\Users\Dale\Desktop\aliases.smx
[2010/05/28 19:17:18 | 000,001,248 | ---- | M] () -- C:\Users\Dale\Desktop\aliases.sp
[2010/05/28 01:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2010/05/26 14:15:27 | 000,000,817 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\TS Admin-Client 2.lnk
[2010/05/26 14:15:27 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\TS Admin-Client 2.lnk
[2010/05/25 16:27:37 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010/05/24 17:34:52 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/05/23 21:50:48 | 001,541,120 | ---- | M] () -- C:\Users\Dale\Desktop\Rank Structure.doc
[2010/05/23 17:53:32 | 000,000,579 | ---- | M] () -- C:\Users\Dale\Desktop\SAM Broadcaster.lnk
[2010/05/23 17:53:32 | 000,000,579 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2010/05/13 21:27:02 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 00:20:33 | 000,063,216 | ---- | M] () -- C:\Users\Dale\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/17 18:26:53 | 000,000,075 | ---- | M] () -- C:\Users\Dale\jagex_runescape_preferences2.dat
[2010/04/17 18:26:38 | 000,000,341 | ---- | M] () -- C:\Users\Public\Desktop\Lineage II.lnk
[2010/04/17 17:56:26 | 000,000,041 | ---- | M] () -- C:\Users\Dale\jagex_runescape_preferences.dat
[2010/04/16 00:57:46 | 000,000,000 | ---- | M] () -- C:\Users\Dale\jagex__preferences3.dat
[2010/04/02 00:51:05 | 000,002,121 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2010/04/01 17:39:14 | 000,038,573 | ---- | M] () -- C:\Users\Dale\Documents\CancellationConfirmation.pdf
[2010/04/01 17:00:56 | 000,000,420 | ---- | M] () -- C:\Windows\lexstat.ini
[2010/03/28 14:40:08 | 000,001,631 | ---- | M] () -- C:\Users\Dale\Desktop\MapleStory.lnk
[2010/03/28 13:43:16 | 000,000,600 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\winscp.rnd
[2010/03/28 12:30:54 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010/03/27 23:40:44 | 000,001,475 | ---- | M] () -- C:\test.html
[2010/03/27 17:30:48 | 000,000,557 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\MapleStory.lnk
[2010/03/27 17:30:48 | 000,000,557 | ---- | M] () -- C:\Users\Dale\Desktop\MapleStory Europe.lnk
[2010/03/25 19:59:40 | 000,204,800 | -HS- | M] () -- C:\Users\Dale\AppData\Local\3292048846.dll
[2010/03/25 19:56:07 | 000,002,296 | -HS- | M] () -- C:\Users\Dale\AppData\Local\2Q757bFxJ7S
[2010/03/25 19:56:07 | 000,002,296 | -HS- | M] () -- C:\ProgramData\2Q757bFxJ7S
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/22 23:01:17 | 000,003,775 | ---- | C] () -- C:\Users\Dale\Desktop\archetype.xml
[2010/06/22 14:25:33 | 000,100,115 | ---- | C] () -- C:\Users\Dale\Desktop\SlavehackNCPsoftwarelist.html
[2010/06/22 00:00:49 | 000,075,809 | ---- | C] () -- C:\Users\Dale\Desktop\nsgbannerad.jpg
[2010/06/22 00:00:17 | 000,559,893 | ---- | C] () -- C:\Users\Dale\Desktop\nsgbanner.psd
[2010/06/21 00:49:37 | 000,009,138 | ---- | C] () -- C:\Users\Dale\Desktop\commands.xml
[2010/06/19 13:03:56 | 000,000,613 | ---- | C] () -- C:\Users\Dale\Desktop\Launch Trinity.lnk
[2010/06/14 20:39:31 | 002,419,568 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/06/09 23:20:01 | 000,013,807 | ---- | C] () -- C:\Users\Dale\Desktop\nsg.png
[2010/06/09 23:19:01 | 000,034,304 | ---- | C] () -- C:\Users\Dale\Documents\Blank.doc
[2010/06/07 02:09:08 | 000,524,288 | -HS- | C] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000002.regtrans-ms
[2010/06/07 02:09:08 | 000,524,288 | -HS- | C] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000001.regtrans-ms
[2010/06/07 02:09:07 | 000,065,536 | -HS- | C] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TM.blf
[2010/06/05 03:46:44 | 000,000,406 | ---- | C] () -- C:\Users\Dale\Desktop\settings.Conf
[2010/06/04 11:58:12 | 733,419,520 | ---- | C] () -- C:\Users\Dale\Desktop\ubuntu-10.04-desktop-i386.iso
[2010/06/04 11:51:58 | 000,000,921 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/04 11:51:58 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2010/06/04 10:40:20 | 000,001,874 | ---- | C] () -- C:\Users\Dale\Desktop\MTA San Andreas.lnk
[2010/06/02 17:00:50 | 000,000,419 | ---- | C] () -- C:\Windows\System32\settings.Conf
[2010/05/31 15:27:08 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/05/30 16:43:06 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/30 16:22:28 | 000,595,499 | ---- | C] () -- C:\Autoruns.zip
[2010/05/28 19:02:11 | 000,001,248 | ---- | C] () -- C:\Users\Dale\Desktop\aliases.sp
[2010/05/28 18:57:58 | 000,002,930 | ---- | C] () -- C:\Users\Dale\Desktop\aliases.smx
[2010/05/28 01:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/26 14:15:27 | 000,000,817 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\TS Admin-Client 2.lnk
[2010/05/26 14:15:27 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\TS Admin-Client 2.lnk
[2010/05/25 16:27:37 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010/05/24 17:34:52 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/05/23 21:40:40 | 001,541,120 | ---- | C] () -- C:\Users\Dale\Desktop\Rank Structure.doc
[2010/05/23 17:53:32 | 000,000,579 | ---- | C] () -- C:\Users\Dale\Desktop\SAM Broadcaster.lnk
[2010/05/23 17:53:32 | 000,000,579 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2010/04/20 08:54:22 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2010/04/17 18:26:38 | 000,000,341 | ---- | C] () -- C:\Users\Public\Desktop\Lineage II.lnk
[2010/04/16 00:57:46 | 000,000,075 | ---- | C] () -- C:\Users\Dale\jagex_runescape_preferences2.dat
[2010/04/16 00:57:46 | 000,000,000 | ---- | C] () -- C:\Users\Dale\jagex__preferences3.dat
[2010/04/16 00:56:38 | 000,000,041 | ---- | C] () -- C:\Users\Dale\jagex_runescape_preferences.dat
[2010/04/02 00:51:04 | 000,002,121 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2010/04/01 17:39:14 | 000,038,573 | ---- | C] () -- C:\Users\Dale\Documents\CancellationConfirmation.pdf
[2010/03/29 09:20:54 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\vrtaucbl.sys
[2010/03/28 14:40:08 | 000,001,631 | ---- | C] () -- C:\Users\Dale\Desktop\MapleStory.lnk
[2010/03/28 13:43:16 | 000,000,600 | ---- | C] () -- C:\Users\Dale\AppData\Roaming\winscp.rnd
[2010/03/27 23:22:46 | 000,001,475 | ---- | C] () -- C:\test.html
[2010/03/27 17:30:48 | 000,000,557 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\MapleStory.lnk
[2010/03/27 17:30:48 | 000,000,557 | ---- | C] () -- C:\Users\Dale\Desktop\MapleStory Europe.lnk
[2010/03/25 20:03:13 | 000,000,857 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/03/25 19:59:40 | 000,204,800 | -HS- | C] () -- C:\Users\Dale\AppData\Local\3292048846.dll
[2010/03/25 19:54:34 | 000,002,296 | -HS- | C] () -- C:\Users\Dale\AppData\Local\2Q757bFxJ7S
[2010/03/25 19:54:34 | 000,002,296 | -HS- | C] () -- C:\ProgramData\2Q757bFxJ7S
[2009/11/29 13:06:22 | 000,000,032 | ---- | C] () -- C:\Windows\Gunzlauncher.INI
[2009/11/22 10:40:57 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/19 20:09:34 | 000,000,208 | ---- | C] () -- C:\Windows\DBMANA~1.INI
[2009/11/09 20:33:28 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/10/26 12:32:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 22:14:32 | 000,000,218 | ---- | C] () -- C:\Windows\scrantic.ini
[2009/10/15 18:50:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/10/15 18:50:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/10/04 00:35:29 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/09/21 22:06:40 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/08/21 22:14:23 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/08/21 22:13:59 | 000,061,318 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/08/21 22:13:59 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/08/16 15:40:36 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/16 15:25:07 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/16 15:25:05 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/07/31 19:46:46 | 000,000,420 | ---- | C] () -- C:\Windows\lexstat.ini
[2009/07/31 19:44:14 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll
[2009/07/31 19:44:14 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll
[2009/06/27 13:08:09 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/06/26 12:21:05 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll
[2007/01/25 18:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/01/12 10:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2005/09/13 17:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll
[2005/01/19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2010/02/17 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\1&1
[2009/12/23 11:40:20 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Azureus
[2010/05/27 18:33:56 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\BitTorrent
[2009/06/27 16:55:04 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DAEMON Tools Lite
[2010/03/13 12:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Desktopicon
[2009/09/28 21:20:37 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DMCache
[2010/05/24 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\DNA
[2010/06/22 18:54:54 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\FileZilla
[2009/08/16 15:16:36 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\FreshDiagnose
[2009/08/17 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Games
[2010/02/17 18:52:07 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Hippo_OpenSim_Viewer
[2010/01/02 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\HLSW
[2009/11/28 21:16:02 | 000,000,000 | -H-D | M] -- C:\Users\Dale\AppData\Roaming\ijjigame
[2009/08/25 16:18:07 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\ImgBurn
[2010/06/04 12:51:55 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\InfraRecorder
[2009/10/23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\JAM Software
[2009/08/01 23:53:25 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\JGoodies
[2009/08/16 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\KeyText
[2009/12/26 15:26:11 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Leadertech
[2010/03/12 21:21:46 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\LimeWire
[2009/07/24 22:57:17 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Nexon
[2009/07/29 19:06:27 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Nonoh
[2009/10/04 13:09:31 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Notepad++
[2010/04/26 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\OpenOffice.org
[2009/10/15 18:59:07 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PC Suite
[2009/11/04 21:57:47 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\PKWARE
[2009/10/15 18:50:17 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Samsung
[2010/01/09 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\SecondLife
[2010/02/04 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Spotify
[2009/07/26 01:20:11 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\springlobby
[2009/07/26 01:18:27 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\springsettings
[2009/07/27 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Subversion
[2010/01/06 00:30:15 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\SystemRequirementsLab
[2009/07/23 00:57:49 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\TeamViewer
[2009/12/28 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\TS3Client
[2009/07/29 18:59:16 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Voipwise
[2009/08/15 13:51:07 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Warsow
[2010/06/23 10:25:27 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/23 11:18:45 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9FBFB0A4-B2C3-4DE6-A4C4-C5C98FC53CDA}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/05/30 16:22:36 | 000,595,499 | ---- | M] () -- C:\Autoruns.zip
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/06/26 04:50:19 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/12/05 21:10:08 | 000,000,010 | RHS- | M] () -- C:\config.sys
[2010/06/23 10:27:26 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/16 19:26:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/16 19:26:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/23 10:27:24 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
[2010/03/27 23:40:44 | 000,001,475 | ---- | M] () -- C:\test.html

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/03/26 08:59:36 | 000,102,400 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxbfpp5c.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/14 03:16:22 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D48F2BA9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE
< End of report >

Extras.Txt --:
OTL Extras logfile created on: 23/06/2010 11:37:41 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Dale\Desktop\NO MALWARE
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 28.94 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
Drive D: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 149.05 Gb Total Space | 124.26 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 102.97 Gb Free Space | 69.08% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DALE-PC
Current User Name: Dale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2792143457-1836989674-3981329361-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09115A59-0C2A-477E-A1D2-3EC644E522C5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{0AB15C63-4599-4197-8F63-79B14468D981}" = rport=137 | protocol=17 | dir=out | app=system |
"{0DC094BD-778B-4E93-8EEE-248E7D465BE3}" = lport=139 | protocol=6 | dir=in | app=system |
"{176BD5C8-D592-4143-8145-EEF6F9A838CC}" = lport=445 | protocol=6 | dir=in | app=system |
"{2209BD58-E523-4D58-96A6-E54822326835}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2821040A-4FE6-4A38-8980-BEDA685D231C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D9C294D-B678-4D01-AD8E-639D1C0A9D52}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3502DCFE-A049-40C9-B365-058811AF2D7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3CE4F226-F6A0-41C2-BF59-B43F2B39534B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{43E734DF-EE57-4A21-8A55-2012476B07BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4590EF03-2EAF-4117-A24B-98F7A0BD599B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4E29FCA8-4359-4CF2-A7D0-8565F26D1DE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{722DB617-D297-4461-8AEC-9D7775B42939}" = lport=138 | protocol=17 | dir=in | app=system |
"{74839627-A617-4A02-830B-F32B36E16D8E}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F7ACA8C-4E89-4EBD-B00A-74CF0A30BD65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8055678B-E4D5-42C1-B9A2-4B98F8F6C2C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8A0CAB28-645A-423E-A14D-401255034A23}" = rport=445 | protocol=6 | dir=out | app=system |
"{9377DA2C-6671-492D-B99A-1D355701A5E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB94206F-E9D5-4F06-95FC-42A3857A32B5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B2122026-8294-432B-9370-3CF4BDFCB2B3}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{B3263782-CB7D-47B7-8E4B-B500B455C611}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7B0CF06-E307-4EBC-927F-7E34D328A4D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9863A2B-6E9E-425B-B154-3CE35E62ACE7}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E543C730-A4E3-4608-95C4-55ED59A34666}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA905A5B-4DF2-4592-809F-3A87860EBA2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBBE52B2-BE4B-42B6-9374-568388A0DF51}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE0929B7-1142-4F56-8FF9-F154F84287FF}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D4EF0C-DA14-4960-9010-00AA2D602CA4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0201C83E-B307-4F53-9C87-E2E02CA93044}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{06743E3E-2E61-4687-B545-C97A9BB735A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B191B30-0702-4BCF-8E3F-9B1E917DEA11}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0C2300C7-5F21-45D0-8F5A-4382A51DE52D}" = protocol=17 | dir=in | app=e:\call of duty - world at war\codwaw.exe |
"{0F5B37E6-6346-4A9D-ADD2-14450F2DB3C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\garrysmod\hl2.exe |
"{12EC3DFF-835F-4600-9EAD-FA3AFB74A67C}" = protocol=6 | dir=in | app=h:\bf2\bf2.exe |
"{13418D00-E186-4923-BC1F-6F42B09E61CF}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{137CB04E-111F-4D9B-B32F-5CEE80E0D30E}" = protocol=17 | dir=in | app=e:\samsung\pc studio\npsasvr.exe |
"{150C6143-EA7F-49C9-8126-C7B8A7CC9401}" = protocol=17 | dir=in | app=j:\opera1010usb_en\opera1010usb\operausb.exe |
"{16A34CB6-5C1C-4812-960F-B851A3DCFD25}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{183239B5-EB58-483E-A92D-31B083FFE5CE}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{19768CF0-C52D-46F3-871F-C68861485DD6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A2A006B-25BC-4BAF-85F9-D394B31A8650}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{1B90DEBC-56D4-4C36-A646-B89FFE6FE487}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1D4156B7-8EF1-4A1F-B96A-22F374DBC3EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DBC8B32-E646-41B3-8644-B55400AF0D9D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1E5A0F38-70AB-448F-AA44-10D17467930F}" = protocol=58 | dir=out | [email protected],-28546 |
"{29F0F4E9-0D3E-47E9-9834-8357CC6D7FF0}" = protocol=17 | dir=in | app=h:\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{3478E0D3-A907-45AB-ACD0-19C73F5E885D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{39B37937-F826-4932-855F-D5B6E8199A87}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{3D49D7B5-9C4F-46AA-86A3-C27F36B5B814}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4319F177-B876-483E-9F6A-F508C6AD18DA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{449FC305-A67F-4EB2-8813-0F30D76E0756}" = protocol=17 | dir=in | app=e:\call of duty - world at war\codwawmp.exe |
"{46AFCE2D-252F-4FCF-ABA6-93E926D78250}" = protocol=6 | dir=in | app=e:\samsung\pc studio\npsvsvr.exe |
"{49F08E1C-4F56-463C-8DC6-CA9DAAB1C7AA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{4D3A2F9B-2B4C-48AA-92B4-230A83F42DEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D833354-BAD3-4652-ABA8-EE0E4858A7E4}" = protocol=6 | dir=in | app=j:\opera1010usb_en\opera1010usb\operausb.exe |
"{5009A6D4-D647-488B-BB34-561B946A7E73}" = protocol=1 | dir=in | [email protected],-28543 |
"{519203B8-5D15-4773-97EF-0489F6F643B6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5240BF07-E233-4F06-9DDC-BF69F4AFB70B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{57670A19-271C-4805-9A45-911F1D3C7A35}" = protocol=6 | dir=in | app=e:\call of duty - world at war\codwawmp.exe |
"{5B9D5B72-7103-483E-A676-B9453BB511B6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5EDC49BE-97FF-48CD-9511-28047A52B649}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60E9BBB8-5230-4B44-BE0A-C497CE38E2D1}" = protocol=17 | dir=in | app=e:\samsung\pc studio\npsvsvr.exe |
"{625148C6-5DC7-4FA6-AFBA-0AB2AC77C9A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64CEA944-B3DB-4B48-9B9B-2CA40C4C3A87}" = protocol=6 | dir=out | app=system |
"{650B3505-EEDB-44AB-9ED2-4AFE689A7A32}" = protocol=6 | dir=in | app=h:\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{6541B83B-05FC-4D6F-9593-BEA8020355BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B1A99BD-E829-4533-B2DD-25DC6AB924CA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6F8DFEEC-904C-45C9-84AE-C67C966623A2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{70235FF1-34C2-4EB8-930D-8FF42FEB5162}" = protocol=17 | dir=in | app=h:\bf2\bf2.exe |
"{7411BFB5-6C48-4FBF-B318-95AC0CDC0441}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82DF3528-1253-4048-97CD-17143E3F0207}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{86E3DCAB-7349-4208-9E28-0584887094F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88583679-60B7-4FD3-A796-28B1A1C60414}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{8AF626D9-E36B-4C00-B73F-3A8E3BB626CA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{8B946E53-7960-4FDA-A248-F4E894F9DC4C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{8D29424B-4250-4A8A-906E-3CE32FD0B601}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E564C5A-30F5-4A5D-9C3E-505A18A4CED2}" = protocol=6 | dir=in | app=e:\samsung\pc studio\npsasvr.exe |
"{8ED01021-966D-48BE-9756-D1E3E14845DF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{921AB7DA-9A24-46AC-96DB-BA5B65496DB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9835C05F-0784-4BA7-8463-B0F3A1C7E67A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{9B6D8EF7-69D4-4EEF-A344-1492CC9B768B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A72E9459-6B5B-4B1F-BEA6-DD837179006F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A7AE83EC-A90C-4AE7-BCD3-FB985B512D36}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{A922523E-4929-4F56-AFEC-2C266A0F5347}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{A93B72FA-FBD8-4AA6-A0C7-8D60A6734E24}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{AB16CEDD-7316-47C7-8AA1-EDAE416EC55C}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AB6064E0-2701-4608-B6E4-15B1EB37BD20}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{ABD3AA09-3E5D-49B1-B38D-18DB16215118}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B0A773C9-4C2B-4097-9C3F-DA19337ED092}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B46A18D3-450D-4AF5-A4C2-83AC3C5A4F94}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B6861831-28BC-4D63-A9C2-006DA693F90A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA9E798F-F54E-49BD-8FE3-6B4EFBE86095}" = protocol=6 | dir=in | app=e:\call of duty - world at war\codwaw.exe |
"{BD521AD4-6667-4FAE-8810-89CEC7D92353}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BDB4DF5A-DB89-4B54-8D2A-39BBE7DCAE19}" = protocol=58 | dir=in | [email protected],-28545 |
"{C02AB96F-3AD3-4EFE-9C42-506F4D4EC290}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C39EE8BB-86EA-49E9-9ED5-22D4D039FE26}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C42E43DF-1F61-4B05-B2B9-84E2D8FAA07A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\garrysmod\hl2.exe |
"{C79CCA47-0D7B-43B8-BC80-0090328752FF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\garrysmod\hl2.exe |
"{C8BD6D08-4271-456D-9FA6-499DE5AA0700}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBDC2228-FFEC-460D-BCB2-35BF7AE44F9E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CE4F9CAF-CE1F-4E11-9D91-4EE3900219E6}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{CFA07B9A-7877-42D6-8247-AC27C29BFCC4}" = protocol=1 | dir=out | [email protected],-28544 |
"{D1D036A1-3D43-4BC3-930E-8A3103A8B95A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{D3451C13-8766-48E9-AB66-3B8083691107}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5919B72-5315-4A02-BAD0-5CE57F8E5292}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBFC5D03-CA06-4DC0-BA28-21130EE41D67}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\garrysmod\hl2.exe |
"{EE8DE837-CAC3-48ED-B5A9-B9BE6A044E85}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F853E3C1-3C97-455E-A0C8-95D54EE12FB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB63F800-D09C-4860-8401-9D953FF408B0}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{0A80D228-6521-4B13-A53F-D57AD9538077}C:\program files\turkojan\client.exe" = protocol=6 | dir=in | app=c:\program files\turkojan\client.exe |
"TCP Query User{0FF94F67-4DDF-4830-B071-09B27C7FC5CF}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{2D1532AE-9B70-49C7-A5A1-75208AB7F756}C:\program files\voipwise.com\voipwise\voipwise.exe" = protocol=6 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe |
"TCP Query User{32D3526E-D567-4F13-A149-7101C4119CDA}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{33C5673E-8A7D-4F85-8B1F-23F047665279}C:\users\dale\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\dale\program files\dna\btdna.exe |
"TCP Query User{35E0B3EC-B185-4A87-B645-10C078D7A490}C:\program files\steam\steamapps\dsdale\dystopia\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\dystopia\hl2.exe |
"TCP Query User{41699311-EA66-4C93-8AE0-74BCDE2D7E63}C:\program files\spring\springlobby.exe" = protocol=6 | dir=in | app=c:\program files\spring\springlobby.exe |
"TCP Query User{43B4B7A5-23D9-40AE-9023-EBCB675D5714}C:\program files\spring\springdownloader.exe" = protocol=6 | dir=in | app=c:\program files\spring\springdownloader.exe |
"TCP Query User{48A61F53-C8C4-4578-A625-85081B392FF4}C:\users\dale\desktop\hacks\biozombie\biozombie\client\biozombie 1.5.exe" = protocol=6 | dir=in | app=c:\users\dale\desktop\hacks\biozombie\biozombie\client\biozombie 1.5.exe |
"TCP Query User{503CD36A-C476-44E2-8CBD-0B77DA406EB6}H:\apb\apb europe\binaries\apb.exe" = protocol=6 | dir=in | app=h:\apb\apb europe\binaries\apb.exe |
"TCP Query User{53809510-9509-405C-B090-1B1378DBDA38}C:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe |
"TCP Query User{5808F7C9-B90E-47F9-A852-112FA20B1694}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{5A403982-45B7-40F8-B3B7-22F68A30BF96}C:\users\dale\desktop\hacks\turkojan_4__gold_\turkojan 4\client.exe" = protocol=6 | dir=in | app=c:\users\dale\desktop\hacks\turkojan_4__gold_\turkojan 4\client.exe |
"TCP Query User{5B7D5616-990D-4421-95A8-AEBC88817C97}E:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=e:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{695D5287-5095-44A6-BB6D-B75F967CD88E}C:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe |
"TCP Query User{6FE13C71-48F3-481A-8ABD-511CC52A3F2A}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{77589549-3425-48D1-9FF8-75A807708F71}C:\program files\nonoh.net\nonoh\nonoh.exe" = protocol=6 | dir=in | app=c:\program files\nonoh.net\nonoh\nonoh.exe |
"TCP Query User{78297981-59BE-4D33-904D-6B496D260C9C}C:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe |
"TCP Query User{7895BC54-DEF9-4E42-9E7E-934E9739B906}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{83305F34-BEA4-4BD6-A09D-F8AEC840C588}H:\tg\trinity gunz\gunz.exe" = protocol=6 | dir=in | app=h:\tg\trinity gunz\gunz.exe |
"TCP Query User{8ABD9BB9-33C5-46F7-93A4-9A61F98BE98F}C:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe |
"TCP Query User{8E4C6015-DD44-47EA-94C8-3CDF5FEF6B59}C:\users\dale\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\dale\program files\dna\btdna.exe |
"TCP Query User{A18A17D1-CB2E-4089-A1EA-B78FCD56B6CB}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"TCP Query User{A3CF680F-4F9D-41BC-8F09-DDDE0EA92C6C}C:\program files\steam\steamapps\dsdale\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\source sdk base\hl2.exe |
"TCP Query User{B68DEF09-9B01-420D-AF8B-2DFB8427EF5F}C:\program files\rockstar games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"TCP Query User{B9773840-9765-443C-860F-D059846FB964}C:\program files\steam\steamapps\dsdale\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dsdale\insurgency\hl2.exe |
"TCP Query User{C761568B-1678-45A5-AF42-FF2B3FEA09EE}C:\program files\turkojan\client.exe" = protocol=6 | dir=in | app=c:\program files\turkojan\client.exe |
"TCP Query User{CEB85145-0A9F-471C-BBE8-4469B0C5055C}H:\aoe3\age3_bladeartist.exe" = protocol=6 | dir=in | app=h:\aoe3\age3_bladeartist.exe |
"TCP Query User{D3AFF963-C52F-4592-BCC6-843AE61FD3BD}E:\xfire\xfire.exe" = protocol=6 | dir=in | app=e:\xfire\xfire.exe |
"TCP Query User{D49DCA6E-0720-4756-9CD5-52FE9BD866DB}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{D6203D8A-B32E-48CB-968C-0B05D1E4890A}C:\users\dale\desktop\hacks\spynet__rat_\spynet [rat]\spynet.exe" = protocol=6 | dir=in | app=c:\users\dale\desktop\hacks\spynet__rat_\spynet [rat]\spynet.exe |
"TCP Query User{DF2933E9-5BFC-49BE-B619-4EB72051625B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0271F025-0FB1-4FC8-9622-246FA0B62AC5}C:\program files\turkojan\client.exe" = protocol=17 | dir=in | app=c:\program files\turkojan\client.exe |
"UDP Query User{0AECDF15-96EB-4C4C-B63C-0AAC2553E876}C:\program files\steam\steamapps\dsdale\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\source sdk base\hl2.exe |
"UDP Query User{111D7893-CA65-45E7-A8CC-B30E8035268C}C:\program files\voipwise.com\voipwise\voipwise.exe" = protocol=17 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe |
"UDP Query User{130CFAC3-3113-44A5-A7F7-2EE265214B7D}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{149941A4-BBE3-435A-9DA6-AB9442246A34}C:\program files\rockstar games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta san andreas\gta_sa.exe |
"UDP Query User{1AB85C3F-BA44-4490-B59E-5B8528D5FEE1}H:\tg\trinity gunz\gunz.exe" = protocol=17 | dir=in | app=h:\tg\trinity gunz\gunz.exe |
"UDP Query User{2CAF0EE0-DB20-483C-AAA9-CB5574B47CDA}C:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe |
"UDP Query User{34BC9507-D222-4253-957A-175413EDD455}C:\users\dale\desktop\hacks\turkojan_4__gold_\turkojan 4\client.exe" = protocol=17 | dir=in | app=c:\users\dale\desktop\hacks\turkojan_4__gold_\turkojan 4\client.exe |
"UDP Query User{34C86C05-A7AE-4B2D-8A4A-1AF567C45150}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{353EE42C-4F59-4078-A558-A42FA83EF2F5}C:\users\dale\desktop\hacks\biozombie\biozombie\client\biozombie 1.5.exe" = protocol=17 | dir=in | app=c:\users\dale\desktop\hacks\biozombie\biozombie\client\biozombie 1.5.exe |
"UDP Query User{365ECACE-0605-4DEB-87E1-3961B8B7B0B4}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{36F5406C-F26F-4150-A615-AF95FFFC79A0}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{59500972-E1C6-4B2B-B5B4-0CBF2F7EB133}H:\aoe3\age3_bladeartist.exe" = protocol=17 | dir=in | app=h:\aoe3\age3_bladeartist.exe |
"UDP Query User{5ECC8C06-2FFC-4E47-9C0F-6157288D619A}C:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe |
"UDP Query User{6501E468-9F91-443C-871B-9A5AE30EB27C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{895AFE92-8243-41CA-8459-15512A0D4BEA}E:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=e:\unrealtournament\system\unrealtournament.exe |
"UDP Query User{91A055EE-C71F-469B-9EF9-B249CCC4A2E4}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{95D1411F-CF7D-48BB-BB47-3A63884CC63E}C:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\counter-strike source\hl2.exe |
"UDP Query User{97C4398D-7E8B-41F4-B9FE-9B55B0EB505F}C:\users\dale\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\dale\program files\dna\btdna.exe |
"UDP Query User{A041D639-5650-4092-B0A6-B0B12CBAF1E0}H:\apb\apb europe\binaries\apb.exe" = protocol=17 | dir=in | app=h:\apb\apb europe\binaries\apb.exe |
"UDP Query User{AEE1E829-4ADC-4D3D-BDD0-B88A5223CEF8}C:\users\dale\desktop\hacks\spynet__rat_\spynet [rat]\spynet.exe" = protocol=17 | dir=in | app=c:\users\dale\desktop\hacks\spynet__rat_\spynet [rat]\spynet.exe |
"UDP Query User{BB9B026A-58F3-4AD5-A543-F1192BF29C95}C:\users\dale\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\dale\program files\dna\btdna.exe |
"UDP Query User{C1F26445-DAC2-4BA4-933A-5AB3BE743A5A}C:\program files\spring\springlobby.exe" = protocol=17 | dir=in | app=c:\program files\spring\springlobby.exe |
"UDP Query User{C6850D01-4B93-40D6-8BCC-66E42D0DAAC5}C:\program files\steam\steamapps\dsdale\dystopia\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\dystopia\hl2.exe |
"UDP Query User{D194419C-0653-4FA3-9B23-ED0C7FC2C533}C:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\half-life 2 deathmatch\hl2.exe |
"UDP Query User{D6790BE4-A8DB-4093-B452-B325163E2F4E}E:\xfire\xfire.exe" = protocol=17 | dir=in | app=e:\xfire\xfire.exe |
"UDP Query User{E50B6575-A5BD-46BB-AA2F-A68ED287BEE3}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{E91D9A37-F57D-4457-8BDE-318B6849BE3D}C:\program files\steam\steamapps\dsdale\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dsdale\insurgency\hl2.exe |
"UDP Query User{F029BFE1-178D-47D0-86B0-E2148EC1DA17}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{F36F720C-C8C5-43FB-89E0-82D5FF2E7C30}C:\program files\nonoh.net\nonoh\nonoh.exe" = protocol=17 | dir=in | app=c:\program files\nonoh.net\nonoh\nonoh.exe |
"UDP Query User{F44F9C01-D1E6-4DF2-A30B-EEEFC61CB46E}C:\program files\spring\springdownloader.exe" = protocol=17 | dir=in | app=c:\program files\spring\springdownloader.exe |
"UDP Query User{F7EBF394-672B-40BA-93FE-39886B80D370}C:\program files\turkojan\client.exe" = protocol=17 | dir=in | app=c:\program files\turkojan\client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0117713F-9BB5-E61B-686F-D63C156E63F6}" = Catalyst Control Center Core Implementation
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{041FE46C-4EEA-06AE-4562-00A899F5A0FB}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{204D48C5-6231-4955-83EC-623DCB437FD9}_is1" = Emerald Viewer 1.23.5.1101
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.42
"{25668C6A-4ECB-3842-B85F-6F663B4E3A38}" = Strawberry Perl
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.009.00
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3BC1954F-F5C9-4ED2-BB2A-BAEEF4DAC74D}" = TortoiseSVN 1.6.3.16613 (32 bit)
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5934808D-F536-2B3F-A488-F53372854C69}" = ccc-core-static
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{610E64BA-F306-6C12-F882-F76CD244A3C2}" = Catalyst Control Center Graphics Light
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68BC06A7-FC85-D463-48BE-3EBFD9747C7E}" = Catalyst Control Center HydraVision Full
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D5B8F9D-00F6-4F71-87E0-C43C043A018E}" = Logitech Motion Detector Gadget
"{8DE98D27-6F65-90E4-0F46-A0FCAEEB8D5B}" = Catalyst Control Center Graphics Previews Common
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B784E2-F4D7-38A5-E9DD-6CC093B07C58}" = Catalyst Control Center Graphics Full New
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A7E110EF-3B05-4CCD-3CB7-3D373325D43A}" = Catalyst Control Center InstallProxy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3A0347D-6F37-40E3-AC66-85529088649F}_is1" = Mz Vista Force v2.2
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BCDD3356-B5B2-9D0F-3776-8D5E28893F82}" = ccc-utility
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}" = VGA Utility
"{D2D15362-27A7-9D88-35B2-C04697E4CD94}" = Catalyst Control Center Graphics Previews Vista
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.00
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D85EE6FC-1263-3A84-CEB7-A53E97B6A835}" = ATI Catalyst Install Manager
"{DDD9BB0C-C116-91D3-A45B-FA3291781BB0}" = Catalyst Control Center Graphics Full Existing
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2EC3CA2-1136-45C1-B5AE-AB03DED6E98C}" = Logitech QuickCapture Gadget
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Age of Mythology 1.0" = Age of Mythology
"AhnLab Online Security" = AhnLab Online Security
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"APB Europe" = APB Europe
"AutoHotkey" = AutoHotkey 1.0.48.05
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CCleaner" = CCleaner
"CoD RconTool" = CoD RconTool
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DBManager Standard_is1" = DBManager 3.2.4
"D-Day" = D-Day
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"Europe MapleStory_is1" = Europe MapleStory
"FBDBServer_2_0_is1" = Firebird 2.1.0.16780 (Win32)
"File Recover_is1" = File Recover 7.5
"FileZilla Client" = FileZilla Client 3.3.2.1
"Fraps" = Fraps (remove only)
"Free Screen Recorder_is1" = Free Screen Recorder v2.9
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"FreshDevices - FreshUI_is1" = FreshUI
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"Game Booster_is1" = Game Booster
"Google Updater" = Google Updater
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.1
"HashTab" = HashTab 2.3.0
"HLSW_is1" = HLSW v1.3.2.1
"Hospital" = Theme Hospital
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InterActual Player" = InterActual Player
"KeyText_is1" = KeyText v3
"Lexmark X6100 Series" = Lexmark X6100 Series
"LimeWire" = LimeWire 5.4.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MTA:SA" = MTA:SA v1.0.4-rc-1783
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Recuva" = Recuva
"SAM3" = SAM3 (remove only)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Silent Hunter II" = Silent Hunter II
"SourceForts" = SourceForts
"Speccy" = Speccy
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"Spotify" = Spotify
"Spring" = Spring 0.80.5.1
"Spring 1944" = Spring 1944 Lyuban (1.07)
"Steam App 17580" = Dystopia
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 4000" = Garry's Mod
"Steam App 500" = Left 4 Dead
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TreeSize Free_is1" = TreeSize Free V2.3.3
"Trinity GunZ 6.4.0" = Trinity GunZ 6.4.0
"TS Admin-Client 2_is1" = TS Admin-Client 2.2.3-alpha [Build: 1485]
"Turkojan_is1" = Turkojan 4.0
"Unlocker" = Unlocker 1.8.7
"Update Service" = Update Service
"Virtual Audio Cable 4.04" = Virtual Audio Cable 4.04
"VistaGlazz_is1" = VistaGlazz 2.0
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 0.9.9
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ark.txt --:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-23 11:36:39
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Dale\AppData\Local\Temp\kwldapog.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 869EEF00
INT 0x62 ? 869EEF00
INT 0x72 ? 85085BF8
INT 0x82 ? 85085BF8
INT 0x82 ? 85085BF8
INT 0x82 ? 869EEF00
INT 0x82 ? 85085BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spgl.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C60B000, 0x2DE45A, 0xE8000020]
.text USBPORT.SYS!DllUnload 8CC3741B 5 Bytes JMP 869EE4E0
.text avvam9cm.SYS 8CCC8000 22 Bytes [82, 83, 80, 82, 6C, 82, 80, ...]
.text avvam9cm.SYS 8CCC8017 106 Bytes [00, 32, D7, 79, 80, 3D, D5, ...]
.text avvam9cm.SYS 8CCC8082 74 Bytes [84, 82, E7, 20, 84, 82, C6, ...]
.text avvam9cm.SYS 8CCC80CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text avvam9cm.SYS 8CCC80DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x98CF7300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x98D3A300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\explorer.exe[544] ntdll.dll!NtProtectVirtualMemory 77484D34 5 Bytes JMP 0017000A
.text C:\Windows\explorer.exe[544] ntdll.dll!NtWriteVirtualMemory 77485674 5 Bytes JMP 0018000A
.text C:\Windows\explorer.exe[544] ntdll.dll!KiUserExceptionDispatcher 77485DC8 5 Bytes JMP 0016000A
.text C:\Windows\Explorer.EXE[852] ntdll.dll!NtProtectVirtualMemory 77484D34 5 Bytes JMP 016A000A
.text C:\Windows\Explorer.EXE[852] ntdll.dll!NtWriteVirtualMemory 77485674 5 Bytes JMP 016B000A
.text C:\Windows\Explorer.EXE[852] ntdll.dll!KiUserExceptionDispatcher 77485DC8 5 Bytes JMP 007C000A
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtProtectVirtualMemory 77484D34 5 Bytes JMP 001B000A
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtWriteVirtualMemory 77485674 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[1152] ntdll.dll!KiUserExceptionDispatcher 77485DC8 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[1152] ole32.dll!CoCreateInstance 76819EA6 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1152] USER32.dll!GetCursorPos 76740B88 5 Bytes JMP 00C5000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3660] ntdll.dll!NtProtectVirtualMemory 77484D34 5 Bytes JMP 01B9000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3660] ntdll.dll!NtWriteVirtualMemory 77485674 5 Bytes JMP 01BA000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3660] ntdll.dll!KiUserExceptionDispatcher 77485DC8 5 Bytes JMP 009F000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A1D1F8
Device \Driver\volmgr \Device\VolMgrControl 850871F8
Device \Driver\usbuhci \Device\USBPDO-0 86AAB1F8
Device \Driver\usbuhci \Device\USBPDO-1 86AAB1F8
Device \Driver\usbuhci \Device\USBPDO-2 86AAB1F8
Device \Driver\usbuhci \Device\USBPDO-3 86AAB1F8
Device \Driver\usbehci \Device\USBPDO-4 86AAC1F8
Device \Driver\PCI_PNP5250 \Device\00000061 spgl.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{D7E79CEE-6FB3-488C-9B11-4DE437A3827C} 86FF81F8
Device \Driver\sptd \Device\1073597262 spgl.sys
Device \Driver\volmgr \Device\HarddiskVolume1 850871F8
Device \Driver\volmgr \Device\HarddiskVolume2 850871F8
Device \Driver\cdrom \Device\CdRom0 86AAD1F8
Device \Driver\volmgr \Device\HarddiskVolume3 850871F8
Device \Driver\cdrom \Device\CdRom1 86AAD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A1C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85A1C1F8
Device \Driver\atapi \Device\Ide\IdePort0 85A1C1F8
Device \Driver\atapi \Device\Ide\IdePort1 85A1C1F8
Device \Driver\atapi \Device\Ide\IdePort2 85A1C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 85A1C1F8
Device \Driver\cdrom \Device\CdRom2 86AAD1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86FF81F8
Device \Driver\Smb \Device\NetbiosSmb 8718B1F8
Device \Driver\iScsiPrt \Device\RaidPort0 86B191F8
Device \Driver\usbuhci \Device\USBFDO-0 86AAB1F8
Device \Driver\usbuhci \Device\USBFDO-1 86AAB1F8
Device \Driver\usbuhci \Device\USBFDO-2 86AAB1F8
Device \Driver\usbuhci \Device\USBFDO-3 86AAB1F8
Device \Driver\usbehci \Device\USBFDO-4 86AAC1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7A64FDB6-90DA-4704-9669-117D1F15F651} 86FF81F8
Device \Driver\avvam9cm \Device\Scsi\avvam9cm1 86B001F8
Device \Driver\avvam9cm \Device\Scsi\avvam9cm1Port4Path0Target1Lun0 86B001F8
Device \Driver\avvam9cm \Device\Scsi\avvam9cm1Port4Path0Target0Lun0 86B001F8
Device \FileSystem\cdfs \Cdfs 870E61F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158304a73b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158304a73b@60d0a9a6c10c 0x11 0xFF 0x67 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x61 0x6A 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x61 0x51 0xA2 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0xD4 0x6D 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB2 0xE7 0xF9 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158304a73b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158304a73b@60d0a9a6c10c 0x11 0xFF 0x67 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7F 0x61 0x6A 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x61 0x51 0xA2 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0xD4 0x6D 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB2 0xE7 0xF9 0xFE ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04214C08-E6D0-01C1-7F15-386B1C93CA38}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04214C08-E6D0-01C1-7F15-386B1C93CA38}@hahjcdldnodjfhjf 0x6A 0x61 0x63 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04214C08-E6D0-01C1-7F15-386B1C93CA38}@iabkmojmpdghkdonjb 0x63 0x61 0x6F 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04214C08-E6D0-01C1-7F15-386B1C93CA38}@ianjmlclfgiahoiifa 0x6A 0x61 0x63 0x65 ...

---- EOF - GMER 1.0.15 ----

mbam-log-2010-06-23 (10-37-08).txt --:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

23/06/2010 10:37:08 AM
mbam-log-2010-06-23 (10-37-08).txt

Scan type: Quick scan
Objects scanned: 120231
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*****
(The stars represent the end of the logs block.)

Hope somebody can help me out, as I'm totally lost as to what's going on here!

NOTE: I was previously infected by a file called "sysctrls.exe" but I got rid of that myself (don't quite remember how I did it though...)

NOTE2: I have posted this from my laptop as it wouldn't post on the infected computer; I got connection reset every time I tried to post it.

Edited by JustFKNUniqu3, 23 June 2010 - 05:08 AM.

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello, welcome to G2Go. :)
=====================
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#3
JustUniqu3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Ok, it gave a warning saying CD-Emulation drivers have been detected, so I clicked Ok and it restarted my computer; it is now running a scan after it rebooted.

NOTE: While going to the download page for ComboFix I was hit by yet another blank page. During this (well, directly after) I noticed that my Java had loaded. Maybe this is part of the malware, or from the ComboFix page?

Will post back when the log is done.

#4
JustUniqu3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Ok, so, ComboFix is done and the log is to follow:

ComboFix 10-06-22.03 - Dale 23/06/2010 12:38:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1313 [GMT 1:00]
Running from: c:\users\Dale\Desktop\NO MALWARE\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Turkojan
c:\program files\Turkojan\English.lng
c:\program files\Turkojan\German.lng
c:\program files\Turkojan\MESAJ.DAT
c:\program files\Turkojan\Portuguese.lng
c:\program files\Turkojan\readme.rtf
c:\program files\Turkojan\Spanish.lng
c:\program files\Turkojan\Steam_128.ico
c:\program files\Turkojan\Steam_146.ico
c:\program files\Turkojan\Turkce.lng
c:\program files\Turkojan\turkojan.ini
c:\program files\Turkojan\unins000.dat
c:\program files\Turkojan\unins000.exe
c:\programdata\hpeD02A.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Turkojan
c:\programdata\Microsoft\Windows\Start Menu\Programs\Turkojan\Uninstall Turkojan 4.0.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Turkojan\Web Site.url
c:\users\Dale\AppData\Local\3292048846.dll
c:\users\Dale\AppData\Roaming\Desktopicon
c:\windows\system32\Data
c:\windows\system32\info.txt

.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 11:53 . 2010-06-23 11:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-23 11:53 . 2010-06-23 11:53 -------- d-----w- c:\users\Dale\AppData\Local\temp
2010-06-23 09:15 . 2010-06-23 09:15 -------- d-----w- c:\program files\ERUNT
2010-06-14 19:39 . 2010-06-01 14:02 2419568 ----a-w- c:\windows\system32\pbsvc_apb.exe
2010-06-14 19:38 . 2010-06-14 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-13 00:11 . 2010-06-13 00:11 -------- d-----w- c:\program files\Common Files\Skype
2010-06-04 11:42 . 2010-06-04 11:51 -------- d-----w- c:\users\Dale\AppData\Roaming\InfraRecorder
2010-06-04 10:51 . 2010-06-04 10:51 -------- d-----w- c:\program files\InfraRecorder
2010-06-02 16:00 . 2010-06-02 16:00 -------- d-----w- c:\windows\system32\profiles
2010-05-31 14:28 . 2010-06-23 09:28 -------- d-----w- c:\users\Dale\AppData\Local\LogMeIn Hamachi
2010-05-31 14:27 . 2010-05-31 14:27 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-05-30 15:25 . 2010-05-30 15:25 -------- d-----w- C:\Autoruns
2010-05-30 15:22 . 2010-05-30 15:22 595499 ----a-w- C:\Autoruns.zip
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 17:00 . 2010-05-27 17:00 -------- d-----w- c:\users\Dale\AppData\Local\Vitalwerks
2010-05-27 16:58 . 2010-05-27 16:58 -------- d-----w- c:\program files\No-IP
2010-05-26 13:15 . 2010-05-26 13:33 -------- d-----w- c:\program files\TS Admin-Client 2
2010-05-26 10:48 . 2010-05-21 13:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 10:48 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 15:27 . 2010-06-22 21:39 -------- d-----w- c:\program files\mIRC
2010-05-24 16:56 . 2010-05-24 16:56 -------- d-----w- c:\users\Dale\.sshterm
2010-05-24 16:56 . 2010-05-24 16:56 -------- d-----w- c:\users\Dale\.ssh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 11:29 . 2009-07-27 23:59 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-23 11:28 . 2009-07-14 20:52 -------- d-----w- c:\users\Dale\AppData\Roaming\FileZilla
2010-06-23 09:27 . 2010-03-25 19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-23 08:20 . 2009-06-26 10:28 -------- d-----w- c:\program files\Steam
2010-06-22 21:40 . 2009-08-02 22:04 -------- d-----w- c:\users\Dale\AppData\Roaming\mIRC
2010-06-22 11:25 . 2009-06-30 17:32 -------- d-----w- c:\users\Dale\AppData\Roaming\Skype
2010-06-22 07:06 . 2009-06-30 17:39 -------- d-----w- c:\users\Dale\AppData\Roaming\skypePM
2010-06-21 22:58 . 2009-10-05 16:41 -------- d-----w- c:\users\Dale\AppData\Roaming\Xfire
2010-06-20 17:14 . 2009-10-05 16:41 -------- d-----w- c:\programdata\Xfire
2010-06-14 19:39 . 2009-12-26 19:25 138056 ----a-w- c:\users\Dale\AppData\Roaming\PnkBstrK.sys
2010-06-14 19:39 . 2009-12-26 19:25 138056 ----a-w- c:\users\Dale\AppData\Roaming\PnkBstrK.sys
2010-06-14 19:39 . 2009-11-22 09:40 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-14 19:39 . 2009-11-22 09:37 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-14 19:39 . 2009-11-22 09:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-14 19:38 . 2009-06-26 11:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-14 19:38 . 2009-08-16 14:25 -------- d-----w- c:\program files\AGEIA Technologies
2010-06-10 21:04 . 2010-02-16 20:42 -------- d-----w- c:\program files\MTA San Andreas
2010-06-10 18:42 . 2010-04-26 22:42 1 ----a-w- c:\users\Dale\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 11:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 11:01 . 2009-06-25 21:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-07 01:03 . 2009-08-07 13:27 -------- d-----w- c:\users\Dale\AppData\Roaming\teamspeak2
2010-05-27 17:33 . 2009-06-26 14:22 -------- d-----w- c:\users\Dale\AppData\Roaming\BitTorrent
2010-05-26 17:06 . 2010-06-09 21:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 21:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 17:26 . 2009-08-28 15:16 -------- d-----w- c:\programdata\McAfee
2010-05-24 19:11 . 2009-06-26 14:03 -------- d-----w- c:\users\Dale\AppData\Roaming\DNA
2010-05-24 19:00 . 2009-08-01 22:40 -------- d-----w- c:\program files\Sun
2010-05-24 18:57 . 2009-12-04 22:53 -------- d-----w- c:\program files\Cain
2010-05-24 18:52 . 2009-06-26 14:03 -------- d-----w- c:\program files\DNA
2010-05-24 16:34 . 2009-07-14 20:51 -------- d-----w- c:\program files\FileZilla FTP Client
2010-05-23 23:18 . 2010-05-23 23:18 -------- d-----w- c:\program files\Schmads Inc
2010-05-18 19:40 . 2010-05-18 19:40 -------- d-----w- c:\program files\BYOND
2010-05-15 16:33 . 2009-08-08 00:29 -------- d-----w- c:\program files\Google
2010-05-04 05:59 . 2010-06-09 21:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 21:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 21:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 21:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 21:43 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-03-25 19:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-03-25 19:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 23:20 . 2009-06-25 19:06 63216 ----a-w- c:\users\Dale\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-26 22:42 . 2010-04-26 22:42 -------- d-----w- c:\users\Dale\AppData\Roaming\OpenOffice.org
2010-04-26 22:34 . 2010-04-26 22:34 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-17 17:26 . 2010-04-15 23:57 75 ----a-w- c:\users\Dale\jagex_runescape_preferences2.dat
2010-04-17 16:56 . 2010-04-15 23:56 41 ----a-w- c:\users\Dale\jagex_runescape_preferences.dat
2010-04-15 23:57 . 2010-04-15 23:57 0 ----a-w- c:\users\Dale\jagex__preferences3.dat
2010-04-05 17:01 . 2010-06-09 21:43 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-03-28 13:40 . 2010-03-28 13:40 45056 ----a-r- c:\users\Dale\AppData\Roaming\Microsoft\Installer\{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}\MapleStory.exe1_C19AB6C4BBD049EF927D9C7CB80BC0B0.exe
2010-03-28 13:40 . 2010-03-28 13:40 45056 ----a-r- c:\users\Dale\AppData\Roaming\Microsoft\Installer\{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}\MapleStory.exe_C19AB6C4BBD049EF927D9C7CB80BC0B0.exe
2010-03-28 13:40 . 2010-03-28 13:40 10134 ----a-r- c:\users\Dale\AppData\Roaming\Microsoft\Installer\{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}\ARPPRODUCTICON.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-12-05 20:10 . 2006-11-02 06:25 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\config.sys
2009-12-05 20:10 . 2006-11-02 06:25 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys
2009-12-05 20:10 . 2006-11-02 06:25 10 --sha-r- c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\config.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 17:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-25 7547424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 357384]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 1573384]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 3161608]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 55824]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-8-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE VGA Utility.lnk]
path=c:\users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE VGA Utility.lnk
backup=c:\windows\pss\GIGABYTE VGA Utility.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05 102400 ----a-w- e:\samsung\PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 10:33 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Echovoice Gamer Statistics]
2006-11-28 21:52 53248 ----a-w- c:\program files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 08:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 08:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 09:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 10:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\steam\steam.exe" -silent
"Taskbar Shuffle"=c:\program files\Taskbar Shuffle\taskbarshuffle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):31,e3,9e,5f,4b,57,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2792143457-1836989674-3981329361-1000]
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-27 721904]
R2 gupdate1ca17bf68127180;Google Update Service (gupdate1ca17bf68127180);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 133104]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 cpuz130;cpuz130;c:\users\Dale\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-11-04 13224]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-17 131072]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 79104]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-11-10 95568]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2009-11-10 32016]
R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-09-19 3474384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 172032]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-06-27 288368]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2006-12-31 31616]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 19720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 00:29]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 00:30]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-08 00:30]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{9FBFB0A4-B2C3-4DE6-A4C4-C5C98FC53CDA}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &All by FD - file://c:\program files\FreshDevices\FreshDownload\fdiectx2.htm
IE: Download with &FD - file://c:\program files\FreshDevices\FreshDownload\fdiectx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{15697B7E-3594-4C7B-90E5-52FA0174C3BB} - c:\program files\FreshDevices\FreshDownload\fd.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - c:\users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AsioReg - CTASIO.DLL
HKLM-Run-NPSStartup - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-1&1 EasyLogin - c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe
MSConfigStartUp-CTxfiHlp - CTXFIHLP.EXE
MSConfigStartUp-FreshDownload - c:\program files\FreshDevices\FreshDownload\FD.EXE
MSConfigStartUp-Nonoh - c:\program files\Nonoh.net\Nonoh\Nonoh.exe
MSConfigStartUp-Sysctrls - Sysctrls.exe
MSConfigStartUp-Voipwise - c:\program files\Voipwise.com\Voipwise\Voipwise.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 12:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2792143457-1836989674-3981329361-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04214C08-E6D0-01C1-7F15-386B1C93CA38}*]
"hahjcdldnodjfhjf"=hex:6a,61,63,65,67,68,6b,62,65,6e,68,6e,64,70,67,66,64,65,
6d,66,00,00
"iabkmojmpdghkdonjb"=hex:63,61,6f,65,6d,65,00,7f
"ianjmlclfgiahoiifa"=hex:6a,61,63,65,68,68,64,62,66,6a,6b,67,62,6b,65,67,62,6a,
66,62,00,00

[HKEY_USERS\S-1-5-21-2792143457-1836989674-3981329361-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,89,3e,04,38,e0,a4,cf,3b,e0,d2,74,12,36,10,9d,ea,df,5a,33,b9,de,53,
56,d7,f8,8a,36,0f,10,cc,80,b7,59,8c,61,0d,b7,0f,35,15,87,c7,85,be,b1,9e,48,\
"??"=hex:8f,61,c8,ea,b0,4c,60,5b,f5,f3,47,4e,63,18,cb,2c

[HKEY_USERS\S-1-5-21-2792143457-1836989674-3981329361-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7d,1f,f0,34,1f,d4,f9,8a,b5,17,74,34,1f,10,69,e9,ec,3e,cc,ad,8c,
cf,73,ff,ed,b6,c9,8c,be,d1,2b,41,cf,d6,07,f7,d4,58,fb,35,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2792143457-1836989674-3981329361-1000_Classes\CLSID\{a038addf-d59f-4546-a17b-018433708aab}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,6b,89,e9,09,6f,ad,8c,9d,a3,3b,ed,46,e6,b2,f3,32,01,37,5c,38,13,05,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-23 12:59:24
ComboFix-quarantined-files.txt 2010-06-23 11:59

Pre-Run: 31,547,314,176 bytes free
Post-Run: 31,263,920,128 bytes free

- - End Of File - - D560F1AF93C84BBA43EDE959A47D984E

NOTE: The Turkojan files are something I used to play a prank on my brother (after he used an MSN+ script to play a prank on me a long time ago). I thought I had deleted those already... Ah well.

#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=====
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


#6
JustUniqu3

MBAM --:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4228

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

23/06/2010 1:17:22 PM
mbam-log-2010-06-23 (13-17-22).txt

Scan type: Quick scan
Objects scanned: 129218
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Will post back when ESET is done. How long should I expect this scan to take?

Edited by JustFKNUniqu3, 23 June 2010 - 06:49 AM.


#7
kahdah

The scan may take some time depending on the amount of files you have on the computer.

#8
JustUniqu3

I finished the scan but I didn't think to myself and clicked uninstall on close. T.T

It found 16 files in total and deleted/quarantined them all.

I'm really kicking myself in the rear for doing that heh.

My apologies, but, I'm happy to take the risk of saying ESET did what it had to do. So, what would you like to do next?

Edited by JustFKNUniqu3, 23 June 2010 - 08:46 AM.


#9
JustUniqu3

I forgot to mention in my previous post and didn't want to edit it so I could ensure this was read:

I have tried 3 google search tests and I did not get any blank pages afterwards.

I will await further instructions from you to ensure there isn't something else I haven't noticed, but I thank you for fixing this!

#10
kahdah

Great

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/03/25 19:54:34 | 000,002,296 | -HS- | C] () -- C:\Users\Dale\AppData\Local\2Q757bFxJ7S
    [2010/03/25 19:54:34 | 000,002,296 | -HS- | C] () -- C:\ProgramData\2Q757bFxJ7S
  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done, it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.



#11
JustUniqu3

OTL Fix --:
========== OTL ==========
C:\Users\Dale\AppData\Local\2Q757bFxJ7S moved successfully.
C:\ProgramData\2Q757bFxJ7S moved successfully.

OTL by OldTimer - Version 3.2.6.1 log created on 06232010_194730


OTL Scan --:
OTL logfile created on: 23/06/2010 7:48:15 PM - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Dale\Desktop\NO MALWARE
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 28.84 Gb Free Space | 19.35% Space Free | Partition Type: NTFS
Drive D: | 591.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 149.05 Gb Total Space | 124.27 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 102.97 Gb Free Space | 69.08% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DALE-PC
Current User Name: Dale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Dale\Desktop\NO MALWARE\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe (TeamSpeak Systems)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation)
PRC - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (FirebirdSQL Project)
PRC - C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\lxbfcoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Dale\Desktop\NO MALWARE\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VideoAcceleratorService) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (FirebirdSQL Project)
SRV - (lxbf_device) -- C:\Windows\System32\lxbfcoms.exe ( )
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (Mkd2kfNt) -- C:\Windows\System32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)
DRV - (Mkd2Nadr) -- C:\Windows\System32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\vrtaucbl.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 23:47:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 13:00:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/23 13:00:26 | 000,000,000 | ---D | M]

[2009/10/06 22:43:03 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions
[2009/10/06 22:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/30 17:56:39 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/23 10:39:13 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions
[2009/10/06 22:50:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/08 19:16:35 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/11/01 13:05:20 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/02/09 23:01:43 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/03/19 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\x8r7xqby.default\extensions\[email protected]
[2009/10/06 22:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/23 13:00:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/23 13:00:12 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/23 13:00:12 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 17:41:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/12/31 10:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2009/09/25 17:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 17:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/02/06 13:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/06/23 13:00:14 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/09/25 17:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/03/12 22:58:05 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 22:58:05 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/12 22:58:05 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 22:58:05 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/12 22:58:05 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 22:58:05 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/12 22:58:05 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/12 22:58:05 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/23 12:53:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm ()
O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: FreshDownload - {15697B7E-3594-4C7B-90E5-52FA0174C3BB} - C:\Program Files\FreshDevices\FreshDownload\fd.exe File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamesp...nch/alaunch.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dale\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dale\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 16:25:37 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 16:22:36 | 000,595,499 | ---- | M] () - C:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2005/08/01 16:44:27 | 000,000,225 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/09/16 20:51:12 | 000,999,424 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/05/26 20:54:55 | 000,002,146 | ---- | M] () - E:\autorestart.smx -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/23 19:47:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/23 12:59:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/23 12:59:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/23 12:59:34 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\temp
[2010/06/23 12:32:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/23 12:32:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/23 12:32:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/23 12:28:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/06/23 12:27:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/23 12:27:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/23 10:16:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/23 10:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/23 10:03:16 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\NO MALWARE
[2010/06/14 20:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/13 01:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/06/09 22:43:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/09 22:43:50 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/09 22:43:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/09 22:43:39 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/09 22:43:39 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/09 22:43:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/09 22:43:39 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/09 22:43:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/09 22:43:38 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/09 22:43:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/09 22:43:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/09 22:43:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/09 22:43:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/09 22:43:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/09 22:43:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/09 22:43:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/09 22:43:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/09 22:43:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/09 22:43:12 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/05 03:46:44 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\profiles
[2010/06/04 18:14:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\MTA-Lua
[2010/06/04 12:42:03 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\InfraRecorder
[2010/06/04 11:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010/06/02 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\profiles
[2010/05/31 15:28:03 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\LogMeIn Hamachi
[2010/05/31 15:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/05/30 16:25:37 | 000,000,000 | ---D | C] -- C:\Autoruns
[2010/05/27 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\Vitalwerks
[2010/05/27 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP
[2010/05/27 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\HACKS
[2010/05/26 14:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\TS Admin-Client 2
[2010/05/26 11:48:55 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/26 11:48:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/25 16:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2009/08/21 22:13:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2009/07/31 19:44:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
[2009/07/31 19:44:14 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll
[2009/07/31 19:44:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll
[2009/07/31 19:44:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll
[2009/07/31 19:44:14 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll
[2009/07/31 19:44:13 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll
[2009/07/31 19:44:13 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll
[2009/07/31 19:44:13 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll
[2009/07/31 19:44:13 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll
[2009/07/31 19:44:13 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll
[2009/07/31 19:44:13 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll
[2009/07/31 19:44:13 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll

========== Files - Modified Within 30 Days ==========

[2010/06/23 19:51:11 | 008,388,608 | -HS- | M] () -- C:\Users\Dale\ntuser.dat
[2010/06/23 19:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/23 18:38:42 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9FBFB0A4-B2C3-4DE6-A4C4-C5C98FC53CDA}.job
[2010/06/23 18:08:53 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 18:08:53 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 17:19:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/23 16:14:12 | 000,729,668 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/23 16:14:12 | 000,631,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/23 16:14:12 | 000,111,974 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/23 16:11:35 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/06/23 16:08:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/23 16:08:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/23 16:08:28 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 16:06:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/23 16:06:03 | 000,524,288 | -HS- | M] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 16:06:03 | 000,065,536 | -HS- | M] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TM.blf
[2010/06/23 16:05:52 | 002,504,545 | -H-- | M] () -- C:\Users\Dale\AppData\Local\IconCache.db
[2010/06/23 13:34:41 | 000,000,218 | ---- | M] () -- C:\Windows\scrantic.ini
[2010/06/23 12:53:49 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/23 12:53:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/23 11:16:19 | 000,003,775 | ---- | M] () -- C:\Users\Dale\Desktop\archetype.xml
[2010/06/23 10:25:09 | 000,000,857 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/06/22 23:05:18 | 000,075,809 | ---- | M] () -- C:\Users\Dale\Desktop\nsgbannerad.jpg
[2010/06/22 23:04:58 | 000,559,893 | ---- | M] () -- C:\Users\Dale\Desktop\nsgbanner.psd
[2010/06/22 17:10:51 | 000,000,600 | ---- | M] () -- C:\Users\Dale\AppData\Local\PUTTY.RND
[2010/06/22 14:25:36 | 000,100,115 | ---- | M] () -- C:\Users\Dale\Desktop\SlavehackNCPsoftwarelist.html
[2010/06/21 01:25:01 | 000,009,138 | ---- | M] () -- C:\Users\Dale\Desktop\commands.xml
[2010/06/19 17:46:43 | 000,001,874 | ---- | M] () -- C:\Users\Dale\Desktop\MTA San Andreas.lnk
[2010/06/19 13:16:02 | 000,000,032 | ---- | M] () -- C:\Windows\Gunzlauncher.INI
[2010/06/19 13:03:56 | 000,000,613 | ---- | M] () -- C:\Users\Dale\Desktop\Launch Trinity.lnk
[2010/06/14 20:39:48 | 000,138,056 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/14 20:39:48 | 000,138,056 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\PnkBstrK.sys
[2010/06/14 00:11:52 | 000,000,406 | ---- | M] () -- C:\Users\Dale\Desktop\settings.Conf
[2010/06/13 13:36:15 | 000,001,774 | -H-- | M] () -- C:\Users\Dale\Documents\Default.rdp
[2010/06/10 12:04:09 | 002,210,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 23:20:01 | 000,013,807 | ---- | M] () -- C:\Users\Dale\Desktop\nsg.png
[2010/06/09 23:19:11 | 000,034,304 | ---- | M] () -- C:\Users\Dale\Documents\Blank.doc
[2010/06/07 02:17:58 | 000,524,288 | -HS- | M] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000002.regtrans-ms
[2010/06/07 02:00:20 | 000,524,288 | -HS- | M] () -- C:\Users\Dale\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/07 02:00:20 | 000,065,536 | -HS- | M] () -- C:\Users\Dale\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/04 12:15:11 | 733,419,520 | ---- | M] () -- C:\Users\Dale\Desktop\ubuntu-10.04-desktop-i386.iso
[2010/06/04 11:51:58 | 000,000,921 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/04 11:51:58 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2010/06/02 17:02:56 | 000,000,419 | ---- | M] () -- C:\Windows\System32\settings.Conf
[2010/06/01 15:02:24 | 002,419,568 | ---- | M] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/05/31 15:27:08 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/05/30 16:22:36 | 000,595,499 | ---- | M] () -- C:\Autoruns.zip
[2010/05/28 19:22:17 | 000,002,930 | ---- | M] () -- C:\Users\Dale\Desktop\aliases.smx
[2010/05/28 19:17:18 | 000,001,248 | ---- | M] () -- C:\Users\Dale\Desktop\aliases.sp
[2010/05/28 01:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2010/05/26 18:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 15:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/26 14:15:27 | 000,000,817 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\TS Admin-Client 2.lnk
[2010/05/26 14:15:27 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\TS Admin-Client 2.lnk
[2010/05/25 16:27:37 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk

========== Files Created - No Company Name ==========

[2010/06/23 12:32:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/23 12:32:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/23 12:32:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/23 12:32:33 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/23 12:32:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/22 23:01:17 | 000,003,775 | ---- | C] () -- C:\Users\Dale\Desktop\archetype.xml
[2010/06/22 14:25:33 | 000,100,115 | ---- | C] () -- C:\Users\Dale\Desktop\SlavehackNCPsoftwarelist.html
[2010/06/22 00:00:49 | 000,075,809 | ---- | C] () -- C:\Users\Dale\Desktop\nsgbannerad.jpg
[2010/06/22 00:00:17 | 000,559,893 | ---- | C] () -- C:\Users\Dale\Desktop\nsgbanner.psd
[2010/06/21 00:49:37 | 000,009,138 | ---- | C] () -- C:\Users\Dale\Desktop\commands.xml
[2010/06/19 13:03:56 | 000,000,613 | ---- | C] () -- C:\Users\Dale\Desktop\Launch Trinity.lnk
[2010/06/14 20:39:31 | 002,419,568 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/06/09 23:20:01 | 000,013,807 | ---- | C] () -- C:\Users\Dale\Desktop\nsg.png
[2010/06/09 23:19:01 | 000,034,304 | ---- | C] () -- C:\Users\Dale\Documents\Blank.doc
[2010/06/07 02:09:08 | 000,524,288 | -HS- | C] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000002.regtrans-ms
[2010/06/07 02:09:08 | 000,524,288 | -HS- | C] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TMContainer00000000000000000001.regtrans-ms
[2010/06/07 02:09:07 | 000,065,536 | -HS- | C] () -- C:\Users\Dale\ntuser.dat{071e414a-71cf-11df-b0b1-001c25349b08}.TM.blf
[2010/06/05 03:46:44 | 000,000,406 | ---- | C] () -- C:\Users\Dale\Desktop\settings.Conf
[2010/06/04 11:58:12 | 733,419,520 | ---- | C] () -- C:\Users\Dale\Desktop\ubuntu-10.04-desktop-i386.iso
[2010/06/04 11:51:58 | 000,000,921 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/06/04 11:51:58 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\InfraRecorder.lnk
[2010/06/04 10:40:20 | 000,001,874 | ---- | C] () -- C:\Users\Dale\Desktop\MTA San Andreas.lnk
[2010/06/02 17:00:50 | 000,000,419 | ---- | C] () -- C:\Windows\System32\settings.Conf
[2010/05/31 15:27:08 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2010/05/30 16:43:06 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/30 16:22:28 | 000,595,499 | ---- | C] () -- C:\Autoruns.zip
[2010/05/28 19:02:11 | 000,001,248 | ---- | C] () -- C:\Users\Dale\Desktop\aliases.sp
[2010/05/28 18:57:58 | 000,002,930 | ---- | C] () -- C:\Users\Dale\Desktop\aliases.smx
[2010/05/28 01:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/26 14:15:27 | 000,000,817 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\TS Admin-Client 2.lnk
[2010/05/26 14:15:27 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\TS Admin-Client 2.lnk
[2010/05/25 16:27:37 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010/04/02 00:51:04 | 000,002,121 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2010/03/29 09:20:54 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\vrtaucbl.sys
[2009/11/29 13:06:22 | 000,000,032 | ---- | C] () -- C:\Windows\Gunzlauncher.INI
[2009/11/22 10:40:57 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/19 20:09:34 | 000,000,208 | ---- | C] () -- C:\Windows\DBMANA~1.INI
[2009/11/09 20:33:28 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/10/26 12:32:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 22:14:32 | 000,000,218 | ---- | C] () -- C:\Windows\scrantic.ini
[2009/10/15 18:50:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/10/15 18:50:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/10/04 00:35:29 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/09/21 22:06:40 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/08/21 22:14:23 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/08/21 22:13:59 | 000,061,318 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/08/21 22:13:59 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/08/16 15:40:36 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/16 15:25:07 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/16 15:25:05 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/07/31 19:46:46 | 000,000,420 | ---- | C] () -- C:\Windows\lexstat.ini
[2009/07/31 19:44:14 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll
[2009/07/31 19:44:14 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll
[2009/06/27 13:08:09 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/06/26 12:21:05 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll
[2007/01/25 18:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/01/12 10:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2005/09/13 17:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll
[2005/01/19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D48F2BA9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE
< End of report >
  • 0

#12
JustUniqu3

    Member

  • Topic Starter
  • Member
  • 32 posts
Bah, just as I thought it was running fine, I've encountered another problem which does as described below:

These pages seem to load faster, so I fail to read the URL for them, they come up randomly and link out to random websites, all of the pages they link out to however simply time out, if you wish to see what the URLs look like I have them in my browser history so they are available on request.

One thing in common that I notice however, is they all have ".[TLD]/?xurl" in the URL.

They seem to appear quite infrequently (It seems to be like once every hour or so?), I'm wondering if I should do a system restore to yesterday or something? (I don't remember seeing anything yesterday, and I haven't installed anything new over the last couple days as far as I remember.)
  • 0

#13
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Is this specific to any browser?
If so which one?
  • 0

#14
JustUniqu3

    Member

  • Topic Starter
  • Member
  • 32 posts
Firefox, though, I don't use any other browser except Firefox so without doing a good long browsing session in something like IE I wouldn't know.
  • 0

#15
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  • 0





