I have run OTL without any problem - hooray! I will attach the OTL.txt and Extras.txt here separately. Here is the first file - OTL.txt
Please do your best to help, ok?
OTL.Txt 110.79KB
132 downloadsOTL logfile created on: 9/19/2010 12:41:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\heloo kity
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 57.00% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.70 Gb Total Space | 664.01 Gb Free Space | 72.36% Space Free | Partition Type: NTFS
Drive D: | 13.81 Gb Total Space | 1.87 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1863.01 Gb Total Space | 1664.48 Gb Free Space | 89.34% Space Free | Partition Type: NTFS
Drive K: | 1397.26 Gb Total Space | 5.52 Gb Free Space | 0.40% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 1509.37 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
Computer Name: DAN-64BIT-PC
Current User Name: Dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ========== PRC - C:\heloo kity\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISVAM970\we37f6ss[1].exe ()
PRC - C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
========== Modules (SafeList) ========== MOD - C:\heloo kity\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Internet Explorer\ieproxy.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMASF.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\winsta.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\StructuredQuery.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SearchFolder.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WMVCORE.DLL (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\PortableDeviceTypes.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msacm32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorAPI.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\drprov.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davhlpr.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\audiodev.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV:
64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:
64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:
64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:
64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:
64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:
64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:
64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:
64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ========== DRV:
64bit: - (slabser) -- C:\Windows\SysNative\drivers\slabser.sys (MCCI Corporation)
DRV:
64bit: - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\slabbus.sys (MCCI Corporation)
DRV:
64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:
64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:
64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:
64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:
64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:
64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:
64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:
64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:
64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:
64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:
64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:
64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:
64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:
64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:
64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:
64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:
64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:
64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:
64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:
64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:
64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:
64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:
64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:
64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:
64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:
64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:
64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.bing.com/IE - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/IE - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 28 F9 4A 7A A8 CA 01 [binary data]
IE - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "
http://www.bing.com/...TDF&PC=VUZE&q="FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "
http://www.bing.com/"FF - prefs.js..extensions.enabledItems:
[email protected]:1.5.3
FF - prefs.js..extensions.enabledItems:
[email protected]:1.0.7
FF - prefs.js..extensions.enabledItems:
[email protected]:5.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "
http://www.bing.com/...TDF&PC=VUZE&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1384.0\Firefox [2010/02/26 23:51:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/24 22:18:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 03:05:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 22:18:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/26 22:27:38 | 000,000,000 | ---D | M]
[2010/05/20 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/05/20 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\
[email protected][2010/09/19 02:53:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7dy5vz4l.default\extensions
[2010/03/18 22:31:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7dy5vz4l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/18 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7dy5vz4l.default\extensions\
[email protected][2010/04/27 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7dy5vz4l.default\extensions\
[email protected][2010/03/01 16:25:08 | 000,001,832 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7dy5vz4l.default\searchplugins\bing.xml
[2010/02/11 20:33:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:
64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:
64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GameKnot Chess) - {61B5B39F-0750-4637-9D70-A63A79978B5D} - K:\Program Files in FreeAgent Drive\GameKnot-Chess-Toolbar\gameknot_toolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:
64bit: - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:
64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:
64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000..\Run: [SUPERAntiSpyware] J:\Program Files in FreeAgent Drive\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:
64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29}
http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:
64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3468660716-3403255347-3492311743-1000 Winlogon: Shell - (C:\Users\Dan\AppData\Roaming\hotfix.exe) - C:\Users\Dan\AppData\Roaming\hotfix.exe (Fast Maus AG)
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - J:\Program Files in FreeAgent Drive\SASWINLO.dll - J:\Program Files in FreeAgent Drive\SASWINLO.dll File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - J:\Program Files in FreeAgent Drive\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:
64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk J:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:
64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:
64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ========== [2010/09/19 08:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/19 03:22:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2010/09/19 03:21:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/19 03:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/19 03:21:54 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/19 03:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/18 22:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/09/18 22:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/18 21:52:41 | 000,664,576 | ---- | C] (Fast Maus AG) -- C:\Users\Dan\AppData\Roaming\hotfix.exe
[2010/08/23 01:48:39 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\vlc
[2010/08/08 13:27:56 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Apple Computer
[2010/08/07 06:54:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\My Bear411 pics to send
[2010/08/07 06:25:19 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Yahoo
[2010/08/07 06:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/08/07 06:23:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Yahoo!
[2010/08/07 06:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/08/07 06:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/01 13:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\PDF Files
[2010/08/01 12:09:34 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Bear411 Chats
[2010/07/24 22:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/07/01 05:37:58 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/07/01 05:29:30 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\My Garmin
[2010/07/01 05:29:30 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Garmin
[2010/07/01 05:29:23 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\GARMIN_Corp
[2010/07/01 05:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2010/07/01 05:24:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\GARMIN
[2010/07/01 05:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2010/07/01 05:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2010/06/29 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Aliens of the Deep
[2010/06/28 22:37:58 | 000,000,000 | ---D | C] -- C:\heloo kity
[2010/06/28 22:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/06/27 21:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010/06/27 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/26 11:07:32 | 000,000,000 | R--D | C] -- C:\Users\Dan\Desktop\Software for Creative Soundblaster Extigy
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 90 Days ========== [2010/09/19 12:43:25 | 005,767,168 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT
[2010/09/19 12:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/19 11:56:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468660716-3403255347-3492311743-1000UA.job
[2010/09/19 11:56:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468660716-3403255347-3492311743-1000Core.job
[2010/09/19 09:05:10 | 000,002,099 | ---- | M] () -- C:\Users\Dan\Desktop\HijackThis.lnk
[2010/09/19 03:25:53 | 000,014,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 03:25:53 | 000,014,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 03:21:59 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/19 03:18:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 03:18:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 03:18:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 03:18:05 | 2139,795,455 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 02:44:50 | 000,002,399 | ---- | M] () -- C:\Users\Dan\Desktop\Google Chrome.lnk
[2010/09/19 02:35:09 | 000,000,594 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/09/19 02:35:09 | 000,000,594 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/09/18 22:17:14 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/18 21:56:13 | 003,343,870 | -H-- | M] () -- C:\Users\Dan\AppData\Local\IconCache.db
[2010/09/18 21:52:42 | 000,664,576 | ---- | M] (Fast Maus AG) -- C:\Users\Dan\AppData\Roaming\hotfix.exe
[2010/09/18 16:00:00 | 000,000,494 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dan.job
[2010/08/26 22:27:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/23 01:45:13 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/23 01:44:12 | 019,563,096 | ---- | M] () -- C:\Users\Dan\Documents\vlc-1.1.3-win32.exe
[2010/08/22 15:10:07 | 000,779,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/22 15:10:07 | 000,661,830 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/22 15:10:07 | 000,121,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/21 05:58:00 | 000,566,556 | ---- | M] () -- C:\Users\Dan\Desktop\adp flex direct submission form.pdf
[2010/08/16 21:50:38 | 000,090,092 | ---- | M] () -- C:\Users\Dan\Desktop\zipcode_20906.pdf
[2010/08/14 21:59:39 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/14 21:59:39 | 000,001,854 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/12 17:06:17 | 000,048,640 | ---- | M] () -- C:\Users\Dan\Desktop\Resume for Dan Chu, PE (2010-08-12 1706).doc
[2010/08/12 03:27:11 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 04:49:54 | 000,134,807 | ---- | M] () -- C:\Users\Dan\Desktop\Invoice.pdf
[2010/08/07 06:56:13 | 000,088,514 | ---- | M] () -- C:\Users\Dan\Desktop\With 3 Puppies.JPG
[2010/08/07 06:54:49 | 000,056,939 | ---- | M] () -- C:\Users\Dan\Desktop\Angelo's Steak Pit.jpg
[2010/08/07 06:21:12 | 000,001,167 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/07 06:21:12 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/07/30 23:22:06 | 019,461,015 | ---- | M] () -- C:\Users\Dan\Documents\vlc-1.1.2-win32.exe
[2010/07/24 22:18:59 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/07/24 22:17:47 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/07/22 22:50:16 | 019,473,201 | ---- | M] () -- C:\Users\Dan\Documents\vlc-1.1.1-win32.exe
[2010/07/19 22:17:20 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/07/17 15:34:31 | 000,604,336 | ---- | M] () -- C:\Users\Dan\Desktop\rick stats.png
[2010/07/09 06:14:18 | 000,254,637 | ---- | M] () -- C:\Users\Dan\Desktop\amazon refund of $12.07.jpg
[2010/07/05 17:07:57 | 000,001,854 | ---- | M] () -- C:\Users\Dan\Desktop\Vuze.lnk
[2010/06/28 21:47:21 | 000,000,355 | ---- | M] () -- C:\Users\Dan\Desktop\Computer - Shortcut.lnk
[2010/06/27 21:43:50 | 000,001,041 | ---- | M] () -- C:\Users\Dan\Desktop\KMPlayer.lnk
[2010/06/27 21:43:26 | 014,914,820 | ---- | M] () -- C:\Users\Dan\Desktop\The_KMPlayer_1435[1].exe
[2010/06/23 02:46:21 | 000,010,676 | ---- | M] () -- C:\Users\Dan\Documents\Time is very Precious.docx
[2010/06/23 02:42:17 | 000,048,640 | ---- | M] () -- C:\Users\Dan\Desktop\Resume for Dan Chu, PE (2010-06-23 0228).doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/09/19 08:18:06 | 000,002,099 | ---- | C] () -- C:\Users\Dan\Desktop\HijackThis.lnk
[2010/09/19 03:21:59 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/18 22:17:14 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/23 01:45:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/23 01:43:16 | 019,563,096 | ---- | C] () -- C:\Users\Dan\Documents\vlc-1.1.3-win32.exe
[2010/08/21 05:57:59 | 000,566,556 | ---- | C] () -- C:\Users\Dan\Desktop\adp flex direct submission form.pdf
[2010/08/16 21:50:41 | 000,090,092 | ---- | C] () -- C:\Users\Dan\Desktop\zipcode_20906.pdf
[2010/08/12 17:06:16 | 000,048,640 | ---- | C] () -- C:\Users\Dan\Desktop\Resume for Dan Chu, PE (2010-08-12 1706).doc
[2010/08/09 04:49:59 | 000,134,807 | ---- | C] () -- C:\Users\Dan\Desktop\Invoice.pdf
[2010/08/07 06:58:50 | 000,088,514 | ---- | C] () -- C:\Users\Dan\Desktop\With 3 Puppies.JPG
[2010/08/07 06:55:52 | 000,056,939 | ---- | C] () -- C:\Users\Dan\Desktop\Angelo's Steak Pit.jpg
[2010/08/07 06:21:12 | 000,001,167 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/07 06:21:12 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/07/30 23:21:43 | 019,461,015 | ---- | C] () -- C:\Users\Dan\Documents\vlc-1.1.2-win32.exe
[2010/07/24 22:18:59 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/07/22 22:49:34 | 019,473,201 | ---- | C] () -- C:\Users\Dan\Documents\vlc-1.1.1-win32.exe
[2010/07/17 15:34:28 | 000,604,336 | ---- | C] () -- C:\Users\Dan\Desktop\rick stats.png
[2010/07/09 06:14:18 | 000,254,637 | ---- | C] () -- C:\Users\Dan\Desktop\amazon refund of $12.07.jpg
[2010/07/05 17:07:57 | 000,001,854 | ---- | C] () -- C:\Users\Dan\Desktop\Vuze.lnk
[2010/07/03 11:14:33 | 002,394,486 | ---- | C] () -- C:\Users\Dan\Desktop\P3301848.JPG
[2010/06/28 21:47:21 | 000,000,355 | ---- | C] () -- C:\Users\Dan\Desktop\Computer - Shortcut.lnk
[2010/06/27 21:43:50 | 000,001,041 | ---- | C] () -- C:\Users\Dan\Desktop\KMPlayer.lnk
[2010/06/27 21:43:08 | 014,914,820 | ---- | C] () -- C:\Users\Dan\Desktop\The_KMPlayer_1435[1].exe
[2010/06/23 02:42:16 | 000,048,640 | ---- | C] () -- C:\Users\Dan\Desktop\Resume for Dan Chu, PE (2010-06-23 0228).doc
[2010/03/18 22:16:51 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/03/18 22:16:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/02/09 23:18:06 | 000,007,597 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
[2010/02/08 01:26:33 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/26 05:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/14 02:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/01/14 02:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/01/14 02:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/01/14 02:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/01/14 02:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/01/14 02:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/01/14 02:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/01/14 02:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/01/14 02:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
========== LOP Check ========== [2010/09/18 08:03:00 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Azureus
[2010/07/01 05:29:24 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GARMIN
[2010/04/02 08:26:20 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire
[2010/06/01 21:46:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Opera
[2010/05/20 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TomTom
[2010/02/08 06:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WeatherBug
[2010/08/16 05:56:59 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* >[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/02/08 05:16:57 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/09/19 03:18:05 | 2139,795,455 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/09/19 03:18:05 | 4284,719,103 | -HS- | M] () -- C:\pagefile.sys
[2010/03/01 15:28:43 | 000,000,266 | ---- | M] () -- C:\rkill.log
[2009/07/30 12:17:21 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log
< %systemroot%\Fonts\*.com >[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini >[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* >[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[2010/02/08 00:50:51 | 000,000,221 | -HS- | M] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >[2010/04/26 00:00:31 | 014,914,820 | ---- | M] () -- C:\Users\Dan\Desktop\The_KMPlayer_1435.exe
[2010/06/27 21:43:26 | 014,914,820 | ---- | M] () -- C:\Users\Dan\Desktop\The_KMPlayer_1435[1].exe
< %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe > < %USERPROFILE%\*.exe > < %systemroot%\ADDINS\*.* >[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. > < %USERPROFILE%\Favorites\*.url /x >[2010/08/04 06:48:41 | 000,000,402 | -HS- | M] () -- C:\Users\Dan\Favorites\desktop.ini
< %systemroot%\system32\*.bk > < %systemroot%\*.te > < %systemroot%\system32\system32\*.* > < %ALLUSERSPROFILE%\*.dat /x > < %systemroot%\system32\drivers\*.rmv > < dir /b "%systemroot%\system32\*.exe" | find /i " " /c > < dir /b "%systemroot%\*.exe" | find /i " " /c > < %PROGRAMFILES%\Microsoft\*.* > < %systemroot%\System32\Wbem\proquota.exe > < %PROGRAMFILES%\Mozilla Firefox\*.dat > < %USERPROFILE%\Cookies\*.txt /x > < %SystemRoot%\system32\fonts\*.* > < %systemroot%\system32\winlog\*.* > < %systemroot%\system32\Language\*.* > < %systemroot%\system32\Settings\*.* > < %systemroot%\system32\*.quo > < %SYSTEMROOT%\AppPatch\*.exe > < %SYSTEMROOT%\inf\*.exe > < %SYSTEMROOT%\Installer\*.exe > < %systemroot%\system32\config\*.bak2 > < %systemroot%\system32\Computers\*.* > < %SystemRoot%\system32\Sound\*.* > < %SystemRoot%\system32\SpecialImg\*.* > < %SystemRoot%\system32\code\*.* > < %SystemRoot%\system32\draft\*.* > < %SystemRoot%\system32\MSSSys\*.* > < %ProgramFiles%\Javascript\*.* > < %systemroot%\pchealth\helpctr\System\*.exe /s > < %systemroot%\Web\*.exe > < %systemroot%\system32\msn\*.* > < %systemroot%\system32\*.tro > < %AppData%\Microsoft\Installer\msupdates\*.* > < %ProgramFiles%\Messenger\*.exe > < %systemroot%\system32\systhem32\*.* > < %systemroot%\system\*.exe > < %USERPROFILE%\Templates\*.tmp > < %SYSTEMDRIVE%\explorexxx.exe\*.* > < %Windir%\Installer\*.tmp > < %systemroot%\System32\*.xco > < %ProgramFiles%\system32\*.* > < %systemroot%\System32\windos\*.* > < %SystemRoot%\system32\sandbox\*.* > < %SystemRoot%\system32\*.amo > < %SystemRoot%\system32\Windows Live\*.* > < %ProgramFiles%\logs\*.* > < %ProgramFiles%\Bifrost\*.* > < %SystemRoot%\system32\*.goo > < %systemroot%\system32\IME\*.* > < %systemroot%\BackUp\*.* > < %systemroot%\system32\*.ico >[2009/06/10 17:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\SysWOW64\PerfCenterCpl.ico
< %systemroot%\system\*.dat > < %systemroot%\system\*.exe > < %AppData%\Macromedia\Common\*.* > < %SYSTEMDRIVE%\dir\*.* /s > < %systemroot%\system32\ras\*.exe > < %SYSTEMDRIVE%\MFILES\*.* > < %SYSTEMDRIVE%\mDNSRespon.exe\*.* > < %systemroot%\system32\services\*.* > < %systemroot%\Spooler\*.* > < %ProgramFiles%\system32\*.* > < %systemroot%\system32\Setup\*.dll /x > < %systemroot%\system32\*.mine > < %SYSTEMDRIVE%\cleansweep.exe\*.* > < %systemroot%\system32\ras\*.dll > < %systemroot%\system32\ras\*.drv > < %systemroot%\*.iq > < %systemroot%\system32\XP\*.* > < %SYSTEMDRIVE%\Extracted\*.* > < %systemroot%\system32\windows\*.* > < %systemroot%\logs\*.* >[2010/03/24 14:07:36 | 000,707,348 | ---- | M] () -- C:\Windows\Logs\DirectX.log
< %SYSTEMDRIVE%\Win.Msi\*.* > < %systemroot%\regedit\*.* > < %systemroot%\system32\skype\*.* > < %AppData%\Adobe\dlluplwin25\*.* > < %UserProfile%\*.dat >[2010/09/19 12:46:28 | 005,767,168 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT
< %UserProfile%\*.dll > < %systemroot%\system32\*.sxo > < %SYSTEMDRIVE%\Gazma\*.* /s > < %systemroot%\system32\spynet\*.* > < %systemroot%\system32\System\*.* > < %appdata%\Microsoft\Windows\*.* > < %systemroot%\system32\WinDir\*.* > < %systemroot%\_\*.* > < %systemroot%\system32\windows32\*.* > < %ProgramFiles%\win\*.* > < %AppData%\Microsoft\CD Burning\*.* > < %systemroot%\*.cab > < %systemroot%\K.Backup\*.* > < %ProgramFiles%\Massenger\*.* > < %systemroot%\System32\*.doc > < %systemroot%\Office12\*.* > < %systemroot%\System32\Rundl32.exe\*.* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Files - Unicode (All) ==========[2010/07/05 11:40:34 | 004,347,904 | ---- | C] ()(C:\Users\Dan\Desktop\????? ????.mp3) -- C:\Users\Dan\Desktop\おやじの海 村木賢吉.mp3
[2010/07/05 11:40:34 | 003,135,488 | ---- | C] ()(C:\Users\Dan\Desktop\????? - ???? (Oyaji no Umi. Muraki Kenkichi).mp3) -- C:\Users\Dan\Desktop\おやじの海 - 村木賢吉 (Oyaji no Umi. Muraki Kenkichi).mp3
[2010/02/18 21:31:36 | 003,135,488 | ---- | M] ()(C:\Users\Dan\Desktop\????? - ???? (Oyaji no Umi. Muraki Kenkichi).mp3) -- C:\Users\Dan\Desktop\おやじの海 - 村木賢吉 (Oyaji no Umi. Muraki Kenkichi).mp3
[2010/02/18 21:28:09 | 004,347,904 | ---- | M] ()(C:\Users\Dan\Desktop\????? ????.mp3) -- C:\Users\Dan\Desktop\おやじの海 村木賢吉.mp3
< End of report >
Edited by Essexboy, 19 September 2010 - 10:53 AM.
log opened