
Suspected Malware

This topic is locked

#1 Orcitect (Member, 20 posts)

Hello,

I've recently had a few niggles in my system. Firstly, I cannot get ANY antivirus to update. The definitions that I do have picked up adware, Rogue.Antivirus and some other little things, mostly adware, which I allowed them to deal with. But the problem persists:

1 - I cannot update any antivirus program I have tried.
2 - I occasionally (less since I've taken care of the adware) get browser redirects, usually on Google search results.
3 - My computer seems to be hesitant in going onto anti-spyware websites (e.g. I tried numerous times to get the manual Malwarebytes update, but failed in doing so; I got it on another PC and installed it, but it hasn't made a difference).

I just can't figure out what it is. Avast says there's nothing (albeit it's out of date due to the lack of updates). Malwarebytes picked up adware, but didn't fix the update problem. I tried Spyware Doctor; again it only really found adware.

Does anyone have any advice? I'd just like my antiviruses up to date :)

#2 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
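As an added example (not from this thread and not OTL's own code), a small Python script that runs a few defender-side checks over the Extras.txt log the OTL scan above produces: the shell-spawning handlers for executable file types, the Security Center override values, and the Vista firewall exception lists. The log embedded in it is constructed in the Extras.txt layout with made-up GUIDs and paths; the section names and value formats are assumed from the OTL output posted in this thread.

```python
"""Triage checks for an OTL Extras.txt log (added example, not OTL's own code)."""
import re
from typing import Dict, List

# Constructed sample in the Extras.txt layout: made-up GUIDs, paths and values giving one hit of each kind, plus benign rows that must stay quiet.
SAMPLE_EXTRAS = r"""========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\example\AppData\Local\Temp\helper.exe" "%1" %*
comfile [open] -- "%1" %*

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11111111-2222-3333-4444-555555555555}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{66666666-7777-8888-9999-000000000000}C:\users\example\appdata\local\temp\rar$ex00.981\setup.exe" = protocol=6 | dir=in | app=c:\users\example\appdata\local\temp\rar$ex00.981\setup.exe |
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========[ \t]*$", re.M)
SPAWN_RE = re.compile(r"^(\w+) \[([\w.]+)\] -- (.+?)[ \t]*$", re.M)
REG_VALUE_RE = re.compile(r'^"(\w+)" = (\S+)')
RULE_RE = re.compile(r'^"(.+?)" = (.*)$', re.M)
EXPECTED_OPEN = '"%1" %*'  # stock handler for executable types; anything else has been hijacked
EXEC_TYPES = ("exefile", "comfile", "batfile", "cmdfile", "piffile")

def split_sections(text: str) -> Dict[str, str]:
    """Map each '========== Name ==========' header to the body that follows it."""
    parts = SECTION_RE.split(text)  # [preamble, name1, body1, name2, body2, ...]
    return {parts[i].strip(): parts[i + 1] for i in range(1, len(parts) - 1, 2)}

def check_shell_spawning(body: str) -> List[str]:
    """Flag executable file types whose [open] handler is not the stock '"%1" %*'."""
    return [
        f"shell-spawning hijack: {ftype} [open] -- {cmd}"
        for ftype, verb, cmd in SPAWN_RE.findall(body)
        if ftype in EXEC_TYPES and verb == "open" and cmd != EXPECTED_OPEN
    ]

def check_security_center(body: str) -> List[str]:
    """Flag Security Center overrides and firewall profiles that are switched off."""
    findings, key = [], ""
    for raw in body.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = line.strip("[]").rsplit("\\", 1)[-1]  # keep only the leaf key name
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name.endswith("Override") and value == "1":
            findings.append(f"Security Center monitoring suppressed: {name}=1 under {key}")
        elif name == "EnableFirewall" and value == "0":
            findings.append(f"Windows Firewall disabled for profile {key}")
        elif name == "DisableNotifications" and value == "1":
            findings.append(f"firewall notifications disabled for profile {key}")
    return findings

def parse_rule(fields: str) -> Dict[str, str]:
    """'protocol=6 | dir=in | app=c:\\x.exe |' -> {'protocol': '6', 'dir': 'in', 'app': 'c:\\x.exe'}"""
    out: Dict[str, str] = {}
    for field in fields.split("|"):
        if "=" in field:
            k, v = field.split("=", 1)
            out[k.strip()] = v.strip()
    return out

def check_firewall_rules(body: str) -> List[str]:
    """Flag inbound exceptions granted to executables that live in a Temp folder."""
    findings = []
    for name, fields in RULE_RE.findall(body):
        rule = parse_rule(fields)
        app = rule.get("app", "").lower()
        if rule.get("dir") == "in" and "\\temp\\" in app:
            how = "user-approved" if name.startswith(("TCP Query User", "UDP Query User")) else "static"
            findings.append(f"{how} inbound firewall exception for Temp-folder executable: {app}")
    return findings

def triage(text: str) -> List[str]:
    """Run every check over the log text and return the combined findings."""
    sections = split_sections(text)
    findings = check_shell_spawning(sections.get("Shell Spawning", ""))
    findings += check_security_center(sections.get("Security Center Settings", ""))
    for section in ("Vista Active Open Ports Exception List", "Vista Active Application Exception List"):
        findings += check_firewall_rules(sections.get(section, ""))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXTRAS):
        print(finding)
```

A hit from any of these checks is a lead for the analyst to verify against the full log, not a verdict on its own.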

#3 Orcitect (Topic Starter, Member, 20 posts)

1. Thanks for the swift reply.

2:

OTL Extras logfile created on: 13/07/2010 16:31:39 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Mike\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 427.03 Gb Free Space | 91.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 94.72 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUS
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12AE0970-699B-40FE-BFB9-E99E4133F786}" = lport=445 | protocol=6 | dir=in | app=system |
"{34C9BE3C-03A5-447D-A48A-35FBEF2AD75E}" = lport=138 | protocol=17 | dir=in | app=system |
"{3FD0681B-6E07-433D-B73D-C7F1C4F6B287}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6FB20A60-121E-465C-8E97-174E4F5B1305}" = rport=138 | protocol=17 | dir=out | app=system |
"{782EA5C3-62A2-4020-85BA-FD3124E57A35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8402EF34-CD73-4E2B-A979-759FD3CA1AC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A3C62A0-3982-4F5B-AC64-D04D4696EA4A}" = rport=445 | protocol=6 | dir=out | app=system |
"{A851EA2E-320D-47FE-B036-6D76FF74027D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B060E4CE-4ADB-4BBD-B1FB-D36FED3B605B}" = rport=137 | protocol=17 | dir=out | app=system |
"{B0F1A5DD-E05C-49A6-B841-752F0B33F110}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C39EF454-25E5-4680-B473-990ECD29F48E}" = rport=139 | protocol=6 | dir=out | app=system |
"{C8614958-F775-49BF-A701-AE3AD09F8132}" = lport=137 | protocol=17 | dir=in | app=system |
"{CF6F8D41-82CC-4DA0-9991-7660BD3C55FF}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CAE202-BB59-4743-86D3-FBA1ED88B4DF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{06DC1F1C-D9D6-4836-8AE5-41F8361C6CC2}" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"{0B0CA115-FCBF-4509-91C9-19A923DB967E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{0CECFA08-66EA-432A-BD64-8FAE87391233}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0DDF5185-E3C9-47E7-BA46-C83EFE108B01}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{0ECF7877-0325-4C13-8AB7-7280542E3E7F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0F518C91-6402-47B9-92FA-78F8F69B268E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{100F9CDA-D863-4614-9A71-4C00975B5716}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{15312970-767C-468E-8890-3D2A29C43F55}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1F8D41E0-8146-4F3C-9326-0CF7C031048C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{2366918B-3B43-4B4F-9DF6-FFC03CD8544B}" = protocol=17 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\counter-strike source\hl2.exe |
"{254469A2-BF29-4307-A679-ADCE561C53C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{25B252E7-9744-4148-99F6-4D3F32590686}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{34C66EDD-0D0A-47AD-B2D7-C34507FE8247}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37CD59E5-DE2C-443D-BFF3-D96DB54D3F61}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{37E7172C-FB3D-4176-852E-BD1FB35093AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{44DBEB4F-CED6-4188-B693-82F369525DF3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{471CB853-E71E-4B1A-AF65-D47CB0991AB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{51344C6A-173F-4244-960C-D4B24D7A6102}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{568DF907-0B60-4FB0-B90B-A69130B0DEFB}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{56F2A3AD-3A5C-4D53-99C2-FC7694A0126B}" = protocol=6 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\counter-strike source\hl2.exe |
"{5981C152-2CDD-4557-AAD6-32AF356B90E1}" = protocol=1 | dir=in | [email protected],-28543 |
"{5E210ECF-94BA-4DE9-98CC-93CF271943A0}" = protocol=6 | dir=in | app=e:\shooty\ijjioptimizer.exe |
"{60A696E2-74AF-4185-B33B-A13E9EDB27CA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{67D8F4B5-0713-46B8-90F9-7375085A5B3A}" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"{6B3A2C79-721A-4A81-98DC-C34E257656F1}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{736180EE-50A6-4CEA-AC23-5224FD71443A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{7DF3C181-8994-4973-8761-356795730F96}" = protocol=17 | dir=in | app=e:\programs\dirt\dirt2_game.exe |
"{81723666-0446-47C2-B3E1-42CD1D930D5C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{81C05215-4C0E-4345-892D-5DE73E46C512}" = protocol=6 | dir=in | app=e:\programs\steam\steam.exe |
"{84560603-C15B-4847-B49D-2621DF0FEEC9}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{859F9C9A-2CE1-451C-962F-5E09299B0342}" = protocol=6 | dir=in | app=e:\programs\ijjioptimizer.exe |
"{882D4E37-2AC0-4E8F-8000-534AFF601FAD}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{8AA1E239-090B-46D0-8151-B037C40425B8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{8C646AFA-C316-4F90-B074-3CDAF92E16C1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9353D1B1-2BD8-4B06-81F8-A9EA53DB5254}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{95F3860D-1172-4B75-8818-1BD56A6C5A1F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9F5AEB4E-7CE2-4303-BA93-F7DB37C939C4}" = protocol=17 | dir=in | app=e:\shooty\ijjioptimizer.exe |
"{A12B93AE-B607-40C3-B611-5AF71E6702F8}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A4787480-C17D-47AD-B2EC-D0F54DCDD5D4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A85884B0-B2C4-453F-86B2-B3ADBF267030}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{ABD39835-1EA3-4EEF-93DE-72D532ADC791}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B026AAB1-9452-404B-AB78-E35D55B4F69F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B4C95EF9-6812-4A76-B736-221DDF0763EA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B7033623-0C7B-48E6-A487-578EE384BCCC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BB691729-60F9-4ECB-941F-066D9469CB27}" = protocol=1 | dir=out | [email protected],-28544 |
"{BD4A27D5-CFB7-479D-94B8-883CA168C500}" = protocol=6 | dir=in | app=e:\programs\dirt\dirt2_game.exe |
"{BE4B85C0-2A2D-4B4E-BE80-98E74A7AC465}" = protocol=58 | dir=in | [email protected],-28545 |
"{C33E9669-C5B3-4B55-8F26-E02A172FD7AA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C9F9B042-3CD3-4111-B883-D32CEDA0BCAC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D4A689F5-6698-4997-B493-D005E2BC8D56}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
"{D878D7FB-216E-4EFE-8473-4F29688E7F48}" = protocol=58 | dir=out | [email protected],-28546 |
"{D897B2AA-05D9-4B5D-BFA1-A48ABFF3A76B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{DA27F8CA-4FD8-4CCF-91D4-00B2CB405E2C}" = protocol=17 | dir=in | app=e:\programs\steam\steam.exe |
"{DC7F5CEF-ECE6-44D7-B548-8258A5D55FFD}" = protocol=17 | dir=in | app=e:\programs\ijjioptimizer.exe |
"{E9279CC7-F14E-46C9-8B81-F7D35227FAAF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{ED445783-57AF-44D2-8A3E-57A1C4BF95A0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{FBBA94AD-2C96-40EA-AE69-AB8D7A8D1132}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEEF224D-EC15-4B97-9614-26D7B7B5D153}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
"TCP Query User{01192686-BBF2-45EC-A89A-DCEF38B9D5F7}E:\ac web ultimate repack\ascent\ascent-logonserver.exe" = protocol=6 | dir=in | app=e:\ac web ultimate repack\ascent\ascent-logonserver.exe |
"TCP Query User{0636EF3C-FF14-4B3F-B746-5D2C3620262F}E:\programs\retail wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\programs\retail wow\world of warcraft\launcher.exe |
"TCP Query User{07837947-7643-4020-82B3-B6C5815B8606}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{0B76CA5D-353C-4282-BAED-CDF6C2D8D520}E:\downloads\wow-burningcrusade-enus.exe" = protocol=6 | dir=in | app=e:\downloads\wow-burningcrusade-enus.exe |
"TCP Query User{0D4BE23D-DB18-4836-8146-6D243A5E7ADC}C:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{10E33DD6-4E4A-4131-B635-23A15804D9F3}C:\users\mike\appdata\local\temp\rar$ex00.981\wow-burningcrusade-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\temp\rar$ex00.981\wow-burningcrusade-engb-installer-downloader.exe |
"TCP Query User{19B9D354-DB3C-44C6-AFBE-EEE5EDEE92DD}C:\users\mike\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mike\program files\dna\btdna.exe |
"TCP Query User{1BBA42AB-222F-41EB-8211-74FBCCB74A4B}E:\programs\steam\steamapps\cold_blooded_assasian\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\half-life 2 deathmatch\hl2.exe |
"TCP Query User{1D74ED37-EB29-4090-924A-BFCCA09F6E0F}E:\programs\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\programs\wow\world of warcraft\launcher.exe |
"TCP Query User{239F85F8-5C60-4555-9559-60E3F40A7DA1}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"TCP Query User{2512C6C4-27B7-4562-AD6F-55A35AB8CBF9}E:\ac web ultimate repack\ascent\ascent-world.exe" = protocol=6 | dir=in | app=e:\ac web ultimate repack\ascent\ascent-world.exe |
"TCP Query User{4341DEBB-AE8E-451C-B6B7-778273B4AE8F}E:\ac web ultimate repack\server\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\ac web ultimate repack\server\apache\bin\apache.exe |
"TCP Query User{58D38AED-4535-4987-B193-53D9DEFE5040}E:\programs\wow\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\programs\wow\world of warcraft\backgrounddownloader.exe |
"TCP Query User{65DE329B-AE70-4654-87D8-658D839F500D}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{687AF207-92E9-42FF-9A0D-BC10F83A67F3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{70C0293F-495B-48DB-BC7D-EB9749D94011}E:\downloads\wowclient-downloader.exe" = protocol=6 | dir=in | app=e:\downloads\wowclient-downloader.exe |
"TCP Query User{738C0699-63D1-4CEF-A308-52B1B44EFFE4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{74A3F896-B29D-4A1E-B56B-A55B1E3F130D}E:\programs\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\programs\wow\world of warcraft\launcher.exe |
"TCP Query User{78383AD3-F68F-4A80-A725-5F89F7827669}E:\programs\not wow\launcher.exe" = protocol=6 | dir=in | app=e:\programs\not wow\launcher.exe |
"TCP Query User{79541813-8DB1-48FB-A9F1-113102222195}E:\mangos\mangosd.exe" = protocol=6 | dir=in | app=e:\mangos\mangosd.exe |
"TCP Query User{7B415D13-E864-46A4-96FA-635E35A3A1E2}E:\programs\world of warcraft\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\programs\world of warcraft\world of warcraft\launcher.exe |
"TCP Query User{824E7A6D-8016-4AB0-8DCA-5B08421828B3}E:\programs\scape 3.1\launcher.exe" = protocol=6 | dir=in | app=e:\programs\scape 3.1\launcher.exe |
"TCP Query User{8ACC4A14-86EA-4E8A-B18F-E683F24F4861}E:\ac web ultimate repack\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\ac web ultimate repack\server\mysql\bin\mysqld.exe |
"TCP Query User{8D67D468-66BB-49AE-9534-7A3E6240754D}C:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{90C97CFE-CB7F-4D72-B092-E7698C9C932E}C:\users\mike\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{9F8C8C86-31D4-4CCF-B0F6-BD1325A1A487}E:\shooty\reactor.exe" = protocol=6 | dir=in | app=e:\shooty\reactor.exe |
"TCP Query User{AA7487A2-CE43-442C-97D2-BCC87DB41996}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{AF964FCA-7DD2-4BAE-A039-929EE4DA8A6D}E:\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=e:\imvuclient\1vivoxvoice.exe |
"TCP Query User{B86690C8-8B57-4C07-8A5D-2B37A78D4A9C}E:\programs\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\programs\riot games\league of legends\lol.launcher.exe |
"TCP Query User{BB8D0A02-A9AC-42B6-8DC6-3411662A3113}E:\mangos\realmd.exe" = protocol=6 | dir=in | app=e:\mangos\realmd.exe |
"TCP Query User{BBD484C7-16CF-4F90-A1BE-D9777761E958}E:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{BDA229C5-1F32-446E-B0A1-B7A027636C09}E:\programs\reactor.exe" = protocol=6 | dir=in | app=e:\programs\reactor.exe |
"TCP Query User{C2E32CB0-70C4-422C-B1F8-869B4CB43C3C}C:\users\mike\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mike\program files\dna\btdna.exe |
"TCP Query User{C7926F73-98DB-4473-85A2-116D8083CAEB}E:\programs\steam\steamapps\cold_blooded_assasian\source sdk base\hl2.exe" = protocol=6 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\source sdk base\hl2.exe |
"TCP Query User{CA9DB286-4F20-4597-871E-7F400024DE25}C:\program files\game vindicator\game vindicator\gamevindicator.exe" = protocol=6 | dir=in | app=c:\program files\game vindicator\game vindicator\gamevindicator.exe |
"TCP Query User{CF5E1737-404E-42C4-9515-7C5601BC53E6}E:\programs\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\programs\world of warcraft\launcher.exe |
"TCP Query User{D80929A9-40DB-4460-A2B3-45F55BE248AB}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{DD4B5CCA-D95B-4CBF-84C6-5C330778AF57}E:\programs\steam\steamapps\cold_blooded_assasian\dystopia\hl2.exe" = protocol=6 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\dystopia\hl2.exe |
"TCP Query User{E63DB299-4C80-4A3A-B0F0-FCD3CDB30345}E:\programs\wow\world of warcraft\repair.exe" = protocol=6 | dir=in | app=e:\programs\wow\world of warcraft\repair.exe |
"TCP Query User{EA9A2C71-DBDA-413C-A16E-E2C08363E942}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{F57923BC-3689-472F-BB72-03583A76BF79}E:\frostywire\frostwire\frostwire.exe" = protocol=6 | dir=in | app=e:\frostywire\frostwire\frostwire.exe |
"TCP Query User{FA1ACD48-6DB8-486E-8C5C-FDE3306089F4}C:\program files\amsn\bin\wish.exe" = protocol=6 | dir=in | app=c:\program files\amsn\bin\wish.exe |
"TCP Query User{FD92C046-A0D7-4327-8854-7D9729983CB6}E:\mangos\db\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\mangos\db\bin\mysqld.exe |
"UDP Query User{04B79CA5-B43C-4FD0-9C0C-6471F0B7A736}E:\programs\steam\steamapps\cold_blooded_assasian\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\half-life 2 deathmatch\hl2.exe |
"UDP Query User{09728CE0-33C1-4A27-B22C-8F786F50E619}E:\shooty\reactor.exe" = protocol=17 | dir=in | app=e:\shooty\reactor.exe |
"UDP Query User{0FD708E0-DBDE-49AA-8158-EA6216FE959D}C:\program files\game vindicator\game vindicator\gamevindicator.exe" = protocol=17 | dir=in | app=c:\program files\game vindicator\game vindicator\gamevindicator.exe |
"UDP Query User{13AA2BE7-E2ED-4A53-905D-D1C6A28D7A7C}E:\downloads\wowclient-downloader.exe" = protocol=17 | dir=in | app=e:\downloads\wowclient-downloader.exe |
"UDP Query User{1B580B0C-0B34-4B9B-9892-FF27E8ED01D3}C:\users\mike\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mike\program files\dna\btdna.exe |
"UDP Query User{20ADD10B-52CC-4A1D-B696-3BF29BFC3196}E:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{259B10F6-77A8-4BB5-BF3C-41AE359F6F32}E:\programs\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\programs\wow\world of warcraft\launcher.exe |
"UDP Query User{25E8A97D-6D78-46DF-97C8-F63F933D5837}E:\ac web ultimate repack\server\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\ac web ultimate repack\server\apache\bin\apache.exe |
"UDP Query User{2641E610-2274-44FB-B2F0-D9C0B51E8A8E}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"UDP Query User{274B22BA-FEBF-44F9-82FD-C5139B0C4BC8}E:\programs\world of warcraft\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\programs\world of warcraft\world of warcraft\launcher.exe |
"UDP Query User{2E92D962-6B97-4ECB-928F-D55572FFAD34}C:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{35E303A0-B420-475B-9709-3C512DA4A4BF}E:\mangos\mangosd.exe" = protocol=17 | dir=in | app=e:\mangos\mangosd.exe |
"UDP Query User{397E0F9F-CD36-4403-B38E-82161D52D1E7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3992250C-BFDA-425D-9EC5-22C48DE5A86C}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{4537C1C6-17CD-41C9-8247-9E327EF88128}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{47CD7AB1-2345-4338-B063-79165429AFDD}E:\programs\steam\steamapps\cold_blooded_assasian\source sdk base\hl2.exe" = protocol=17 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\source sdk base\hl2.exe |
"UDP Query User{5463BFBB-4EBF-4C84-A91C-C48110F0B556}E:\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=e:\imvuclient\1vivoxvoice.exe |
"UDP Query User{587715F5-6C87-4333-98F9-6FD6426A0158}E:\downloads\wow-burningcrusade-enus.exe" = protocol=17 | dir=in | app=e:\downloads\wow-burningcrusade-enus.exe |
"UDP Query User{5A1EC7BA-9E58-4A54-9641-80F986869220}E:\frostywire\frostwire\frostwire.exe" = protocol=17 | dir=in | app=e:\frostywire\frostwire\frostwire.exe |
"UDP Query User{5CA4743C-1B9A-475B-B83C-E46052F17150}C:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\mike\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{6F392EB7-2E38-4093-8BA2-7002B4CE543E}E:\programs\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\programs\world of warcraft\launcher.exe |
"UDP Query User{71F796C9-5B1F-4437-A71D-8C230A5EA042}E:\mangos\realmd.exe" = protocol=17 | dir=in | app=e:\mangos\realmd.exe |
"UDP Query User{754A9430-2538-4727-97F6-ED1723225DEC}C:\users\mike\appdata\local\temp\rar$ex00.981\wow-burningcrusade-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\temp\rar$ex00.981\wow-burningcrusade-engb-installer-downloader.exe |
"UDP Query User{7A346B12-5C3C-4207-9902-E70CDF6F51D9}E:\programs\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\programs\wow\world of warcraft\launcher.exe |
"UDP Query User{83FD8CB0-66FC-43A5-A4C8-0415B02F2F22}E:\programs\steam\steamapps\cold_blooded_assasian\dystopia\hl2.exe" = protocol=17 | dir=in | app=e:\programs\steam\steamapps\cold_blooded_assasian\dystopia\hl2.exe |
"UDP Query User{8460F01E-43B6-4FE7-8113-1EFF56184F18}E:\programs\retail wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\programs\retail wow\world of warcraft\launcher.exe |
"UDP Query User{87AB9ABD-4E6C-4293-8B13-555C06C1BF63}E:\programs\wow\world of warcraft\repair.exe" = protocol=17 | dir=in | app=e:\programs\wow\world of warcraft\repair.exe |
"UDP Query User{A0465A52-C41E-4F2B-8711-B4CEC1B6CC7C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{ACD36E2E-9C3E-4CAA-97C5-19BBDDEFEF39}C:\program files\amsn\bin\wish.exe" = protocol=17 | dir=in | app=c:\program files\amsn\bin\wish.exe |
"UDP Query User{AF5ACD3D-4156-4E92-BCE7-E68A327958BD}E:\programs\reactor.exe" = protocol=17 | dir=in | app=e:\programs\reactor.exe |
"UDP Query User{B097791D-5EE7-4A97-8DBC-642692508ED0}E:\mangos\db\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\mangos\db\bin\mysqld.exe |
"UDP Query User{BBC90148-B911-44CB-9F9A-3747D712FDEB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{BE9B5008-1750-4EB3-9681-7233A19EF597}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{D13531D9-6C17-4A8C-B5C9-1025BB8618ED}E:\ac web ultimate repack\ascent\ascent-logonserver.exe" = protocol=17 | dir=in | app=e:\ac web ultimate repack\ascent\ascent-logonserver.exe |
"UDP Query User{D2AC6697-B94B-4296-98AE-E898617FDA07}E:\programs\wow\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\programs\wow\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D40AC39C-CF9C-44ED-AB8D-9420BDF893AF}E:\ac web ultimate repack\ascent\ascent-world.exe" = protocol=17 | dir=in | app=e:\ac web ultimate repack\ascent\ascent-world.exe |
"UDP Query User{DA814259-248D-4E5E-82E0-848AFBE45856}C:\users\mike\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mike\program files\dna\btdna.exe |
"UDP Query User{DC2FBA42-3CB7-464F-9F57-3DEB1680DAA0}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{DE26A40E-20AF-4DA6-A2B4-77253AEC09E9}E:\programs\not wow\launcher.exe" = protocol=17 | dir=in | app=e:\programs\not wow\launcher.exe |
"UDP Query User{E4A95890-6C47-44E9-B407-CB81974BFABC}C:\users\mike\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{E5E97626-015A-43BC-8A74-11624AA2A273}E:\programs\scape 3.1\launcher.exe" = protocol=17 | dir=in | app=e:\programs\scape 3.1\launcher.exe |
"UDP Query User{F1B6D833-ACF0-4435-84E9-00DCEA132455}E:\ac web ultimate repack\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\ac web ultimate repack\server\mysql\bin\mysqld.exe |
"UDP Query User{F7DEFD73-7A2C-4F4E-A815-81D1BDE44E1C}E:\programs\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\programs\riot games\league of legends\lol.launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04FCFB2F-FEC3-4D9A-81FB-A18858CF52DB}_is1" = RAM Saver 8.0 Professional
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.6
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{61AE44DA-F2DE-4792-9796-5296A2CEC3D6}" = Saitek SD6 Programming Software 6.0.5.12
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8C6CF5C-8021-4EC4-A43B-096FE39CB2B5}" = World of Warcraft Model Viewer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Internet Security
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 2.0.6.10
"Cache Cleaner 3.1.0.0" = Cache Cleaner 3.1.0.0
"Cache Cleaner 3.pre-1" = Cache Cleaner 3.pre-1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CopyTrans Suite" = CopyTrans Suite Remove Only
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DFX for Windows Media Player" = DFX for Windows Media Player
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.3.0
"DVD and CD Cover Print" = DVD and CD Cover Print
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 4.1.1 Professional
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3055] [2009-08-16]
"Free DVD Burner (by minidvdsoft)_is1" = Free DVD Burner version 3.0
"FrostWire" = FrostWire 4.18.3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"ImTOO iPod Manager" = ImTOO iPod Computer Transfer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MpcStar" = MpcStar 3.6
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OEMInformation" = OEM Logo and Information
"OpenAL" = OpenAL
"paktefq" = Favorit
"Pidgin" = Pidgin
"RAR Password Cracker" = RAR Password Cracker 4.12
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 17580" = Dystopia
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.6.0509
"Vtune_is1" = Vtune 7.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"IMVU Previewer" = IMVU Tools

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 20/03/2009 13:12:28 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 16/06/2009 20:01:01 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 09/08/2009 18:01:03 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 04/10/2009 11:12:20 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 01/12/2009 11:20:33 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 01/12/2009 11:21:44 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 01/12/2009 11:23:00 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 04/02/2010 14:20:30 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 04/02/2010 14:23:21 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

Error - 19/04/2010 21:03:53 | Computer Name = Asus | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 13/07/2010 11:11:49 | Computer Name = Asus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/07/2010 11:15:24 | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application TFC.exe, version 3.1.6.0, time stamp 0x2a425e19,
faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc, exception
code 0xc0000005, fault offset 0x000b0af5, process id 0x1a8, application start time
0x01cb229de2e0ec8d.

Error - 13/07/2010 11:23:35 | Computer Name = Asus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/07/2010 11:23:56 | Computer Name = Asus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/07/2010 11:24:35 | Computer Name = Asus | Source = WinMgmt | ID = 10
Description =

Error - 13/07/2010 11:24:53 | Computer Name = Asus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/07/2010 11:24:53 | Computer Name = Asus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/07/2010 11:29:24 | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Faulting application sdloader.exe, version 5.0.1.15, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd, exception
code 0xc0000005, fault offset 0x000bf9cd, process id 0x1a8, application start time
0x01cb22a01fb7aad0.

Error - 13/07/2010 11:29:36 | Computer Name = Asus | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13/07/2010 11:32:34 | Computer Name = Asus | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ System Events ]
Error - 13/07/2010 07:30:54 | Computer Name = Asus | Source = Service Control Manager | ID = 7026
Description =

Error - 13/07/2010 09:33:54 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 09:33:55 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 09:33:56 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 09:33:56 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 11:13:06 | Computer Name = Asus | Source = Service Control Manager | ID = 7034
Description =

Error - 13/07/2010 11:24:36 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 11:24:36 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description =

Error - 13/07/2010 11:24:36 | Computer Name = Asus | Source = Service Control Manager | ID = 7026
Description =

Error - 13/07/2010 11:36:01 | Computer Name = Asus | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume Vista Drive (SATA/Master).


< End of report >

OTL logfile created on: 13/07/2010 16:31:39 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Mike\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 427.03 Gb Free Space | 91.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 94.72 Gb Free Space | 31.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUS
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - E:\Programs\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (ALWIL Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - E:\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Vtune\TBPANEL.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MyWebSearchService) -- C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (ALWIL Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Browser Defender Update Service) -- E:\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (XoftSpyService) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (ParetoLogic Inc.)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Users\Mike\Desktop\SD\SpywareDoctor\swdsvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Users\Mike\Desktop\SD\SpywareDoctor\svcntaux.exe (PC Tools)


========== Driver Services (SafeList) ==========

DRV - (vsmraid) -- C:\Windows\System32\DRIVERS\vsmraid.sys File not found
DRV - (USBAAPL) -- C:\Windows\System32\Drivers\usbaapl.sys File not found
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (iksysflt) -- C:\Windows\System32\drivers\iksysflt.sys File not found
DRV - (ikfileflt) -- C:\Windows\System32\drivers\ikfileflt.sys File not found
DRV - (iblb) -- C:\Windows\System32\drivers\mqqwwnds.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Mike\AppData\Local\Temp\MBN1DFF.tmp File not found
DRV - (EIO) -- C:\Windows\System32\DRIVERS\EIO.sys File not found
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys File not found
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (ALWIL Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (ALWIL Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswNdis) -- C:\Windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (EverestDriver) -- E:\Programs\Everest-Ultimate-Edition-4.60.1601-hardal\kerneld.wnt ()
DRV - (PORTIO) -- C:\Users\Mike\Desktop\JungleFlasher\portio32.sys ()
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiUF51A) -- C:\Windows\System32\drivers\SaiUF51A.sys (Saitek)
DRV - (SaiHF51A) -- C:\Windows\System32\drivers\SaiHF51A.sys (Saitek)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows ® 2000 DDK provider)
DRV - (SysTool) -- C:\Windows\System32\drivers\SysTool.sys ()
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)
DRV - (Aspi32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.ijji.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.ask.com?o=...?o=15438&l=dis"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..keyword.URL: "http://www.fastbrows...8A71016E85}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/17 12:57:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/17 12:57:45 | 000,000,000 | ---D | M]

[2009/09/20 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2009/09/20 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/06/30 15:42:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/29 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions
[2009/10/05 13:36:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/15 12:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}-trash
[2009/12/01 03:23:46 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/02/10 21:12:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/10/05 13:36:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/24 14:11:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\extensions\[email protected]
[2009/06/15 12:19:21 | 000,004,196 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\aim-search.xml
[2010/02/05 21:40:29 | 000,002,427 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\askcom.xml
[2009/12/01 03:23:47 | 000,005,413 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\fast-browser-search.xml
[2009/12/04 22:08:28 | 000,009,941 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\mywebsearch.xml
[2010/05/13 22:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 22:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/13 22:36:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/08/24 20:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/21 16:41:42 | 000,001,013 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 cpalead.com
O1 - Hosts: 127.0.0.1 www.cpalead.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll File not found
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Programs\Adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe File not found
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XoftSpySE] C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe ()
O4 - HKCU..\Run: [Steam] e:\programs\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\Mike\AppData\Local\Temp\Zxd.exe File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.153,93.188.166.54
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a9f220c-a5e5-11de-a0ef-00221599cbb5}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{f4f73582-6b5f-11df-967b-00221599cbb5}\Shell\AutoRun\command - "" = J:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Windows\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll File not found
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 16:28:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2010/07/13 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\SD
[2010/07/13 11:44:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\QuickScan
[2010/07/13 02:26:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2010/07/13 02:26:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/13 02:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/13 02:26:00 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/13 02:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/13 02:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/07/13 02:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/07/13 02:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2010/07/13 02:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2010/07/13 02:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010/07/10 19:37:47 | 001,421,080 | ---- | C] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
[2010/07/10 19:23:13 | 000,114,048 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/07/10 19:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/07/10 19:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/07/10 19:15:30 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\System32\WNASPI32.DLL
[2010/07/10 19:15:30 | 000,017,005 | ---- | C] (Adaptec) -- C:\Windows\System32\drivers\ASPI32.SYS
[2010/07/10 19:15:30 | 000,005,600 | ---- | C] (Adaptec) -- C:\Windows\System\WINASPI.DLL
[2010/07/10 19:15:30 | 000,004,672 | ---- | C] (Adaptec) -- C:\Windows\System\WOWPOST.EXE
[2010/07/10 19:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/10 19:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/07/10 19:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/10 19:13:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Symantec Norton Ghost 2003 Retail
[2010/07/10 18:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/07/10 16:38:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\hdeecL0n3p120
[2010/07/09 01:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra Video Joiner
[2010/06/22 23:26:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\SpywareDoctorPortable
[2010/06/21 16:27:27 | 048,145,920 | ---- | C] (Native Instruments GmbH) -- C:\Users\Mike\Desktop\Guitar Rig 4.dll
[2010/06/21 16:26:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2010/06/21 16:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/06/21 16:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2010/06/21 16:25:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/06/21 16:24:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/06/21 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/06/19 14:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010/06/17 12:57:46 | 000,427,008 | ---- | C] (True Games Interactive) -- C:\Windows\System32\uc_wepic_launching.dll
[2010/06/17 12:57:46 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\System32\uc_rohan_launching.dll
[2010/06/17 12:57:46 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\uc_neosteam_launching.dll
[2010/06/17 12:57:46 | 000,075,264 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_holybeast_launching.dll
[2010/06/17 12:57:46 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_sfighters_launching.dll
[2010/06/17 12:57:46 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_atlantica_launching.dll
[2010/06/17 12:57:46 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\uc_luminary_launching.dll
[2010/06/17 12:57:45 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2010/06/17 12:57:45 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\System32\ijjiChannelingPlugin.dll
[2010/06/17 12:57:45 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2010/06/17 12:57:45 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\Windows\System32\ijjiPlugin2.dll
[2010/06/16 01:11:27 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\AOinjector
[2010/06/16 01:07:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\AVA
[2010/06/15 22:30:25 | 003,584,240 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/06/15 22:29:05 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2010/06/15 22:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/06/15 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\New Folder
[2010/06/15 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\ijjigame
[2010/06/14 23:37:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
[2010/06/14 23:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/14 15:18:56 | 001,334,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvbvm50.dll
[2010/06/14 15:18:47 | 000,312,320 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/13 16:33:35 | 003,670,016 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT
[2010/07/13 16:28:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2010/07/13 16:23:37 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/13 16:23:20 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/13 16:23:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/13 16:23:00 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 16:23:00 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/13 16:22:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/13 16:21:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/13 16:21:36 | 000,524,288 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/07/13 16:21:36 | 000,065,536 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/07/13 16:17:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-928896281-1088641206-494770322-1000UA.job
[2010/07/13 12:43:47 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/13 12:43:47 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/13 12:43:47 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/13 12:23:50 | 002,347,857 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/07/13 02:44:49 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/07/13 02:44:49 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2010/07/13 02:26:06 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 02:04:12 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2010/07/13 01:56:04 | 000,000,087 | ---- | M] () -- C:\Users\Mike\AppData\Local\fdwov.bat
[2010/07/12 23:00:24 | 000,001,803 | ---- | M] () -- C:\Users\Mike\Desktop\IMVU.lnk
[2010/07/12 22:17:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-928896281-1088641206-494770322-1000Core.job
[2010/07/10 19:39:20 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
[2010/07/10 19:37:47 | 001,421,080 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
[2010/07/10 19:29:01 | 233,192,900 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/10 19:23:13 | 000,114,048 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/07/10 19:23:10 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Migrate Easy 7.0.lnk
[2010/07/10 18:30:58 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 4.1.1 Professional Edition.lnk
[2010/07/10 12:47:16 | 000,001,057 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\vso_ts_preview.xml
[2010/07/09 22:45:47 | 002,828,416 | ---- | M] () -- C:\Users\Mike\Desktop\Unknown - Caramell Dansen (Speedycake remix).mp3
[2010/07/09 11:31:18 | 011,027,072 | ---- | M] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp3
[2010/07/09 11:28:09 | 000,012,145 | -HS- | M] () -- C:\Users\Mike\Documents\Folder.jpg
[2010/07/09 11:28:09 | 000,012,145 | -HS- | M] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Large.jpg
[2010/07/09 11:28:09 | 000,002,754 | -HS- | M] () -- C:\Users\Mike\Documents\AlbumArtSmall.jpg
[2010/07/09 11:28:09 | 000,002,754 | -HS- | M] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Small.jpg
[2010/07/09 11:27:48 | 013,248,768 | ---- | M] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp3
[2010/07/09 11:25:35 | 020,651,201 | ---- | M] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp4
[2010/07/09 11:20:00 | 017,591,663 | ---- | M] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp4
[2010/07/09 02:07:08 | 000,029,184 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 01:55:37 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Ultra Video Joiner.lnk
[2010/07/09 01:18:17 | 023,799,243 | ---- | M] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4
[2010/07/09 01:16:27 | 022,592,290 | ---- | M] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4
[2010/07/09 01:16:10 | 036,548,191 | ---- | M] () -- C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4
[2010/07/09 00:50:15 | 000,000,697 | ---- | M] () -- C:\Users\Mike\Desktop\YouTube Downloader.lnk
[2010/07/04 15:30:27 | 000,002,032 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2010/06/29 02:26:07 | 000,066,242 | ---- | M] () -- C:\Users\Mike\Desktop\Cheetoes.png
[2010/06/21 16:26:31 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010/06/21 03:25:55 | 000,018,608 | ---- | M] () -- C:\Users\Mike\Documents\big_4972610.jpg
[2010/06/21 01:52:57 | 000,001,097 | ---- | M] () -- C:\Users\Mike\Desktop\Cache Cleaner.lnk
[2010/06/20 23:58:43 | 000,004,176 | ---- | M] () -- C:\Users\Mike\Desktop\For Those Who Can Still Ride an Airplane for the First time by Anis Mojgani.rtf
[2010/06/20 23:54:25 | 000,003,343 | ---- | M] () -- C:\Users\Mike\Desktop\Milos by Anis Mojgani.rtf
[2010/06/17 13:40:23 | 000,000,599 | ---- | M] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010/06/17 12:57:46 | 000,000,561 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,561 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,153 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2010/06/16 19:22:16 | 001,797,269 | ---- | M] () -- C:\Users\Mike\Desktop\fxpansion.mp3
[2010/06/14 13:31:22 | 005,557,605 | ---- | M] () -- C:\Users\Mike\Desktop\03.The Curse Of Castle Dragon.mp3
[2010/06/14 12:14:34 | 000,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 02:26:06 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 02:04:12 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2010/07/13 02:04:10 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/07/13 02:04:07 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2010/07/10 19:37:47 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AutoPartNt.let
[2010/07/10 19:23:10 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Migrate Easy 7.0.lnk
[2010/07/10 18:30:58 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/07/10 18:30:58 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 4.1.1 Professional Edition.lnk
[2010/07/10 18:30:57 | 001,669,120 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/07/10 18:30:57 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/07/10 18:30:57 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/07/10 18:30:57 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/07/09 11:28:11 | 000,012,145 | -HS- | C] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Large.jpg
[2010/07/09 11:28:11 | 000,002,754 | -HS- | C] () -- C:\Users\Mike\Documents\AlbumArt_{B13D5C1A-DE3B-42A0-B263-51FC3A231AE1}_Small.jpg
[2010/07/09 11:27:25 | 013,248,768 | ---- | C] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp3
[2010/07/09 11:25:57 | 011,027,072 | ---- | C] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp3
[2010/07/09 11:25:35 | 020,651,201 | ---- | C] () -- C:\Users\Mike\Documents\B.B. King at his best.mpg.mp4
[2010/07/09 11:20:00 | 017,591,663 | ---- | C] () -- C:\Users\Mike\Documents\Buddy Guy - Sweet Home Chicago.mp4
[2010/07/09 11:10:40 | 002,828,416 | ---- | C] () -- C:\Users\Mike\Desktop\Unknown - Caramell Dansen (Speedycake remix).mp3
[2010/07/09 01:55:37 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\Ultra Video Joiner.lnk
[2010/07/09 01:55:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/07/09 01:11:28 | 023,799,243 | ---- | C] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4
[2010/07/09 01:04:15 | 022,592,290 | ---- | C] () -- C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4
[2010/07/09 00:56:58 | 036,548,191 | ---- | C] () -- C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4
[2010/07/09 00:50:15 | 000,000,697 | ---- | C] () -- C:\Users\Mike\Desktop\YouTube Downloader.lnk
[2010/06/29 02:26:06 | 000,066,242 | ---- | C] () -- C:\Users\Mike\Desktop\Cheetoes.png
[2010/06/21 16:26:31 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010/06/21 16:22:39 | 295,562,842 | ---- | C] () -- C:\Users\Mike\Desktop\Guitar_Rig_4.rar
[2010/06/21 13:09:35 | 233,192,900 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/21 03:25:34 | 000,018,608 | ---- | C] () -- C:\Users\Mike\Documents\big_4972610.jpg
[2010/06/21 01:52:57 | 000,001,097 | ---- | C] () -- C:\Users\Mike\Desktop\Cache Cleaner.lnk
[2010/06/20 23:58:43 | 000,004,176 | ---- | C] () -- C:\Users\Mike\Desktop\For Those Who Can Still Ride an Airplane for the First time by Anis Mojgani.rtf
[2010/06/20 23:54:25 | 000,003,343 | ---- | C] () -- C:\Users\Mike\Desktop\Milos by Anis Mojgani.rtf
[2010/06/17 13:40:23 | 000,000,599 | ---- | C] () -- C:\Users\Public\Desktop\A.V.A.lnk
[2010/06/17 12:57:46 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
[2010/06/17 12:57:46 | 000,000,561 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,561 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2010/06/17 12:57:46 | 000,000,153 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2010/06/15 22:29:05 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2010/06/14 13:31:06 | 005,557,605 | ---- | C] () -- C:\Users\Mike\Desktop\03.The Curse Of Castle Dragon.mp3
[2010/06/14 12:14:34 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/05/18 22:25:36 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/04/29 14:18:34 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/04/23 23:54:37 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/03/09 16:52:33 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/04 18:41:29 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCF51A_0C.dll
[2010/03/04 18:41:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF51A_10.dll
[2010/03/04 18:41:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF51A_0A.dll
[2010/03/04 18:41:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF51A_07.dll
[2010/03/04 18:41:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCF51A_09.dll
[2010/03/04 18:41:29 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCF51A_0402.dll
[2010/03/04 18:41:29 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCF51A_11.dll
[2010/03/04 18:41:28 | 002,514,944 | ---- | C] () -- C:\Windows\System32\SaiCF51A.Dll
[2010/02/24 02:54:16 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2010/02/02 20:29:46 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/23 23:09:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/09 23:19:15 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
[2009/08/03 16:07:42 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/29 01:13:57 | 000,000,030 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/05/19 10:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpdms32a.dll
[2009/03/28 03:17:42 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2009/02/22 18:57:52 | 004,421,889 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/02/18 14:57:22 | 000,557,451 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/02/16 18:19:42 | 000,790,190 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/16 17:32:20 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/02/16 17:30:30 | 000,903,703 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/02/16 17:23:50 | 000,145,081 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/02/16 15:49:30 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/02/14 16:15:42 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/02/09 23:28:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/02/09 21:19:18 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/02/09 21:19:12 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/02/09 21:18:52 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/02/09 21:18:32 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/02/09 21:18:24 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/02/09 21:18:20 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/02/09 20:56:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/07 17:15:57 | 000,000,261 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/01/05 15:25:44 | 000,003,120 | ---- | C] () -- C:\Windows\System32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
[2008/12/25 19:52:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2008/12/25 19:52:10 | 000,012,664 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008/12/22 02:04:42 | 000,000,028 | ---- | C] () -- C:\Windows\System32\autoscan.dll
[2008/12/21 08:01:56 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/12/21 08:01:56 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/12/21 08:01:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/12/21 08:01:56 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/12/21 06:59:54 | 000,013,936 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/12/21 06:59:49 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008/12/21 06:59:43 | 000,013,619 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/21 03:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/12/28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/07/10 18:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/10 14:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\SysTool.sys
[2006/11/02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/07/13 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\.purple
[2010/04/18 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\abgx360
[2008/12/25 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\acccore
[2009/04/05 02:03:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Alien Skin
[2009/09/24 22:59:14 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Atari
[2010/05/24 21:47:59 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Audacity
[2010/07/06 01:50:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\BitTorrent
[2010/04/23 23:53:00 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/17 13:30:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CopyPod
[2010/04/17 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\CopyPodPhoto
[2010/04/17 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DiskAid
[2009/11/02 12:13:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DMCache
[2010/01/28 02:51:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FrostWire
[2010/02/22 00:24:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\gtk-2.0
[2010/06/15 20:57:20 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ijjigame
[2010/01/08 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ImgBurn
[2010/07/13 15:14:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IMVU
[2009/01/15 01:11:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IMVU Previewer
[2009/12/25 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IMVU-Products
[2010/07/12 23:00:21 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IMVUClient
[2010/06/05 19:07:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\LolClient
[2010/01/24 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/07/13 11:48:24 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\QuickScan
[2009/03/05 14:54:29 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\REAPER
[2009/08/20 19:59:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SecondLife
[2009/03/04 14:30:42 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Steinberg
[2010/05/18 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SYSTEMAX Software Development
[2008/12/24 15:10:16 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Systweak
[2010/02/06 23:49:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thinstall
[2009/03/22 01:17:43 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TigerPlayer
[2009/09/20 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TomTom
[2009/12/21 22:51:05 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Vivox
[2010/07/10 12:47:16 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Vso
[2010/04/17 12:55:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\WindSolutions
[2010/07/13 02:44:49 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2010/07/13 16:21:47 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/12/21 10:39:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/14 22:22:05 | 000,000,740 | -H-- | M] () -- C:\IPH.PH
[2010/07/13 16:22:49 | 3802,468,352 | -HS- | M] () -- C:\pagefile.sys
[2008/12/21 08:07:49 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2009/08/09 23:19:19 | 000,005,138 | ---- | M] () -- C:\StarBurn.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 13:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/26 15:00:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/04/18 17:29:02 | 000,016,384 | -H-- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\key3.db

< %PROGRAMFILES%\*.* >
[2008/01/21 03:41:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/21 03:22:57 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-12 03:04:58

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4:TOC.WMV
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

3. I will run GMER shortly.

#4 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
While you are running GMER, can you please tell me why the last time you updated Windows Update was on March 12th, 2010?

#5 Orcitect (Topic Starter, Member, 20 posts)
One moment, my PC restarted after GMER and didn't save, so I'll have to rerun it. I shall now disconnect my Internet and do so, and I'll sit with the computer this time; I'm not sure why it restarted.

As for Windows Update, as I recall it was only offering updates for Microsoft Office 2007, which I do not currently have installed as far as I know; I'm pretty sure I removed it for a previous version. Perhaps I should remove traces of Office 2007 and try to run the update again for Microsoft?

Edited by Orcitect, 13 July 2010 - 10:58 AM.


#6 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
It's never a good idea to not install updates. We will address this a little later.

While running the GMER scan, please watch to see if you see any entries that say "Suspicious Modification" or something similar. If this is the case, kindly write down the file name on a piece of paper, so that in the event it freezes on you, you'll have the filename to report back with.

#7 Orcitect (Topic Starter, Member, 20 posts)
3: GMER


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-13 18:37:37
Windows 6.0.6002 Service Pack 2
Running: g00eol93.exe; Driver: C:\Users\Mike\AppData\Local\Temp\fxlorpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwAlpcSendWaitReceivePort [0x90C5E4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0x90C5DDCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0x90C5DE52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0x90C5DFEE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0x90C5DCCA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0x90C5DECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0x90C5DD4C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0x90C5DF6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0x90C5C12E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0x90C5DE14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0x90C5DE90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0x90C5E030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0x90C5DD0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0x90C5DF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0x90C5DD90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0x90C5DFB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0x90C5CC94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0x90C5E954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0x90C5E4BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0x90C5C19C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0x90C5C2D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSystemDebugControl [0x90C5C2EA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x9114D50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 181 832AE8E4 4 Bytes [FE, E4, C5, 90]
.text ntkrnlpa.exe!KeSetEvent + 1D1 832AE934 8 Bytes [CE, DD, C5, 90, 52, DE, C5, ...] {INTO ; FFREE ST(5); NOP ; PUSH EDX; FADDP ST(5), ST; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1DD 832AE940 4 Bytes [EE, DF, C5, 90]
.text ntkrnlpa.exe!KeSetEvent + 1F5 832AE958 4 Bytes [CA, DC, C5, 90] {RETF 0xc5dc; NOP }
.text ntkrnlpa.exe!KeSetEvent + 215 832AE978 8 Bytes [CE, DE, C5, 90, 4C, DD, C5, ...] {INTO ; FADDP ST(5), ST; NOP ; DEC ESP; FFREE ST(5); NOP }
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833D928F 5 Bytes JMP 911494AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 83431F78 5 Bytes JMP 9114A97E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83493796 7 Bytes JMP 9114D50E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtCreateFile + 6 77A243DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtCreateFile + B 77A243DF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtMapViewOfSection + 6 77A24B2A 1 Byte [28]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtMapViewOfSection + 6 77A24B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtMapViewOfSection + B 77A24B2F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenFile + 6 77A24BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenFile + B 77A24BBF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcess + 6 77A24C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcess + B 77A24C3F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcessToken + 6 77A24C4A 4 Bytes CALL 76A25250 C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcessToken + B 77A24C4F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcessTokenEx + 6 77A24C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenProcessTokenEx + B 77A24C5F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThread + 6 77A24CAA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThread + B 77A24CAF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThreadToken + 6 77A24CBA 4 Bytes [68, 02, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThreadToken + B 77A24CBF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThreadTokenEx + 6 77A24CCA 4 Bytes CALL 76A252D1 C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtOpenThreadTokenEx + B 77A24CCF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtQueryAttributesFile + 6 77A24D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtQueryAttributesFile + B 77A24D5F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtQueryFullAttributesFile + 6 77A24E0A 4 Bytes CALL 76A2540F C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtQueryFullAttributesFile + B 77A24E0F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationFile + 6 77A252EA 4 Bytes [28, 01, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationFile + B 77A252EF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationThread + 6 77A2533A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtSetInformationThread + B 77A2533F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtUnmapViewOfSection + 6 77A255DA 1 Byte [68]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtUnmapViewOfSection + 6 77A255DA 4 Bytes [68, 03, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[2180] ntdll.dll!NtUnmapViewOfSection + B 77A255DF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + 6 77A243DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + B 77A243DF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + 6 77A24B2A 1 Byte [28]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + 6 77A24B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + B 77A24B2F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + 6 77A24BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + B 77A24BBF 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + 6 77A24C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + B 77A24C3F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessToken + 6 77A24C4A 4 Bytes CALL 76A25250 C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessToken + B 77A24C4F 1 Byte [E2]
.text C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessTokenEx + 6 77A24C5A 4 Bytes [A8, 02, 06, 00]

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a577424
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a577424@001fcdafefc5 0x5C 0x81 0xFA 0x05 ...
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\000a3a577424 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet030\Services\BTHPORT\Parameters\Keys\000a3a577424@001fcdafefc5 0x5C 0x81 0xFA 0x05 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B074EE94-5AB1-4FDD-A6B4-DBC36A7726F8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B074EE94-5AB1-4FDD-A6B4-DBC36A7726F8}@bbnfimkbofadicejpgjeolalapnpchiokjcc 0x61 0x62 0x69 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B074EE94-5AB1-4FDD-A6B4-DBC36A7726F8}@abnfimkbofadicejpgmejidakcoaogpkib 0x62 0x62 0x6C 0x69 ...

---- EOF - GMER 1.0.15 ----

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox in OTL. Do not include the word "Code"

    :Services
    :OTL
    SRV - (MyWebSearchService) -- C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe File not found
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll File not found
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
    FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={9B27A79D-68B7-7442-D77C-158A71016E85}&q="
    [2009/12/01 03:23:47 | 000,005,413 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\fast-browser-search.xml
    [2009/12/04 22:08:28 | 000,009,941 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\mywebsearch.xml
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll File not found
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe File not found
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
    O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\Mike\AppData\Local\Temp\Zxd.exe File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.153,93.188.166.54
    O33 - MountPoints2\{0a9f220c-a5e5-11de-a0ef-00221599cbb5}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{f4f73582-6b5f-11df-967b-00221599cbb5}\Shell\AutoRun\command - "" = J:\Launcher.exe -- File not found
    [2010/07/10 16:38:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\hdeecL0n3p120
    [2010/07/13 01:56:04 | 000,000,087 | ---- | M] () -- C:\Users\Mike\AppData\Local\fdwov.bat
    @Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4:TOC.WMV
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    :Reg
    
    :Files
    flushdns /c
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

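The fix script above removes the entry types a malware-removal helper looks for in an OTL listing: autorun values that point into a user's Temp folder, toolbars and BHOs whose target file no longer exists, a Tcpip NameServer pointing at resolvers outside the LAN, and alternate data streams attached to ordinary files. The following Python script is an added example for readers of this thread; it is not part of OTL, and not code from anyone in the thread. It parses lines in OTL's format and flags those indicators. The sample lines are constructed to mirror the entries in the fix above (including the two NameServer addresses), and the heuristics it applies (a Temp-folder path, a random-looking value name, a non-private DNS server) are the example's own assumptions, not OTL's logic.

```python
"""Triage helper for OTL-style log lines (added example, not part of OTL)."""
import ipaddress
import re
from dataclasses import dataclass

# Sample lines constructed to mirror the entries in the fix script above.
SAMPLE_LINES = r"""
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe File not found
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\Mike\AppData\Local\Temp\Zxd.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.153,93.188.166.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 64 bytes -> C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4:TOC.WMV
""".strip()

# Line formats as they appear in OTL output (the "File not found" suffix is optional).
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)(?P<missing> File not found)?$"
)
BHO_RE = re.compile(
    r"^O[23] - .*? - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)(?P<missing> File not found)?$"
)
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

# Heuristics assumed by this example: executables launched from a Temp folder, and
# autorun value names that look machine-generated (upper-case letters and digits only).
TEMP_DIR_RE = re.compile(r"\\(?:Local\\)?Temp\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}$")


@dataclass(frozen=True)
class Finding:
    kind: str    # short category used for grouping in the summary
    detail: str  # what was matched
    line: str    # the original log line, kept for the report


def parse_line(line: str) -> list[Finding]:
    """Return the findings for one OTL-style line (empty when nothing stands out)."""
    line = line.rstrip()
    found: list[Finding] = []

    if m := RUN_RE.match(line):
        if TEMP_DIR_RE.search(m["path"]):
            found.append(Finding("autorun-in-temp", f"{m['name']} -> {m['path']}", line))
        if RANDOM_NAME_RE.match(m["name"]):
            found.append(Finding("autorun-random-name", m["name"], line))
        if m["missing"]:  # registry still references a file that is gone
            found.append(Finding("orphaned-autorun", m["name"], line))
        return found

    if m := BHO_RE.match(line):
        if m["missing"] or m["path"].startswith("No CLSID value found"):
            found.append(Finding("orphaned-bho-or-toolbar", m["clsid"], line))
        return found

    if m := DNS_RE.match(line):
        for server in m["servers"].split(","):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                found.append(Finding("unparseable-dns-server", server, line))
                continue
            # A home LAN normally hands out a private (RFC 1918) resolver; anything
            # else is surfaced for the helper to verify against the ISP's servers.
            if not addr.is_private:
                found.append(Finding("external-dns-server", server, line))
        return found

    if m := ADS_RE.match(line):
        found.append(Finding("alternate-data-stream",
                             f"{m['path']} stream={m['stream']} size={m['size']}", line))
        return found

    return found


def triage(log_text: str) -> list[Finding]:
    """Run parse_line over every line of a log and collect the findings."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(parse_line(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category for a quick overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"[{f.kind}] {f.detail}")
    print(summarize(results))
```

On the sample lines the script reports nine findings: the Dealio BHO and both Run values as orphaned references, the TOY5KNQ8OC value twice more (Temp path and random-looking name), both 93.188.x.x resolvers as external, and the two data streams; the 192.168.1.1 resolver is not reported. The resolver check is deliberately broad: a public resolver you recognise is something to confirm by hand rather than something the script should silently accept.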

#9
Orcitect

    Member

  • Topic Starter
  • Member
  • 20 posts
OTL Fix log


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Error: No service named MyWebSearchService was found to stop!
Service\Driver key MyWebSearchService not found.
File C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "Fast Browser Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://www.fastbrows...?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Fast Browser Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.fastbrows...8A71016E85}&q=" removed from keyword.URL
File C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\fast-browser-search.xml not found.
File C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gdxiqddt.default\searchplugins\mywebsearch.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TomTomHOME.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a9f220c-a5e5-11de-a0ef-00221599cbb5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a9f220c-a5e5-11de-a0ef-00221599cbb5}\ not found.
File J:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4f73582-6b5f-11df-967b-00221599cbb5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4f73582-6b5f-11df-967b-00221599cbb5}\ not found.
File J:\Launcher.exe not found.
Folder C:\Users\Mike\Desktop\hdeecL0n3p120\ not found.
File C:\Users\Mike\AppData\Local\fdwov.bat not found.
Unable to delete ADS C:\Users\Mike\Documents\The Cat in the Hat. part 1 TV.mp4:TOC.WMV .
Unable to delete ADS C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 3 TV.mp4:TOC.WMV .
Unable to delete ADS C:\Users\Mike\Documents\Dr. Seuss-The Cat in the Hat. part 2 TV.mp4:TOC.WMV .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
========== REGISTRY ==========
========== FILES ==========
< flushdns /c >
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 1279544 bytes
->Temporary Internet Files folder emptied: 126124567 bytes
->Java cache emptied: 86404168 bytes
->FireFox cache emptied: 75760598 bytes
->Google Chrome cache emptied: 6682411 bytes
->Flash cache emptied: 1019227 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3238240 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145517412 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 10947041 bytes
RecycleBin emptied: 2565384 bytes

Total Files Cleaned = 438.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_184948

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. :)
#11
Orcitect

    Member

  • Topic Starter
  • Member
  • 20 posts
Combofix seems to just fill its loading bar and then close. :)

#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Okay. Let's try something different then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:


Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following bolded text into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Run Scan
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
3. The log that was produced after running the Kaspersky Online Virus Scanner.
4. The log that was produced after running the OTL scan.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

Edited by SweetTech, 13 July 2010 - 12:27 PM.


#13
Orcitect

    Member

  • Topic Starter
  • Member
  • 20 posts
My apologies, Combofix loaded; it just took its time.

However, I got the error:

Please wait.
Combofix is preparing to run.

Out of Memory

Edited by Orcitect, 13 July 2010 - 12:36 PM.


#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
What is it currently doing? Has it closed itself?

#15
Orcitect

    Member

  • Topic Starter
  • Member
  • 20 posts
No, it has stayed open.

Edited by Orcitect, 13 July 2010 - 12:43 PM.
