Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

A couple of Trojans SHeur.ZSQ and W95 Elkern F-Secure


  • Please log in to reply

#1
gofergal

gofergal

    New Member

  • Member
  • Pip
  • 1 posts
Please help us. I am trying to help a friend and I am stuck.
HJT gives us an error when we try to delete anything. When I click scan we get this message:

O10 shows 4 entries with this title "Unknown file in winsock" and when we try and fix them this message comes up:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens you need to edit the file yourself. To do this, click Start, Run and type: notepad "C:\Windows\System32\drivers\etc\hosts" and press enter. Find the lines HijackThis reports and delete them. Save the file as "hosts." (with quotes", and reboot."


Then when I close that popup I get this: "An unexpected error has occurred at procedure: modMain_CheckOtherItem() Error #75 - Path/File access error", with information to report it to HJT.

It also tells me to download LSPFix but it will not work on the Windows 7 computer. Not sure if they have a version for it or not.

I have followed the steps listed in another post and I have posted the final OTL log below. Since I do not read French... I didn't know if I needed to run the fix or anything. I can do that if i need to, but didn't want to do something I didn't know how to do.

I have run Malwarebytes and it is clean.

ESET Online Scanner found 11 infected files and cleaned them. Here is the list:



C:\Qoobox\Quarantine\C\ProgramData\hKa06511aDfNm06511\hKa06511aDfNm06511.exe.vir a variant of Win32/Kryptik.MXJ trojan cleaned by deleting - quarantined
C:\Users\cat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\3c15550e-173ce900 multiple threats deleted - quarantined
C:\Users\cat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\32140990-1eaaee04 a variant of Win32/Kryptik.MXJ trojan cleaned by deleting - quarantined
C:\Users\cat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\212d3d98-5e9a6541 multiple threats deleted - quarantined
C:\Users\cat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5484479d-450179f9 multiple threats deleted - quarantined
C:\Users\cat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\148903a2-45c784f5 Java/Agent.AD trojan deleted - quarantined
C:\Users\cat\AppData\Roaming\DD73561CACC50BBB084E3545BAD28820\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\richard wagner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45676 Win32/Adware.Virtumonde.NEO application cleaned by deleting (after the next restart) - quarantined
C:\Users\richard wagner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.47884 Win32/Adware.Virtumonde.NEO application cleaned by deleting (after the next restart) - quarantined
C:\Users\richard wagner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.48344 Win32/Adware.Virtumonde.NEO application cleaned by deleting (after the next restart) - quarantined
C:\Users\richard wagner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.89081 Win32/Adware.Virtumonde.NEO application cleaned by deleting (after the next restart) - quarantined







I have also run TDSSKIller and the log shows no infections now. And I used RogueKiller and the log is posted below after I did the proxy fix.

Thanks in advance for your help.
Gofergal




___________________________________________________________

OTL logfile created on: 4/23/2011 3:36:02 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\cat\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 41.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.01 Gb Total Space | 41.23 Gb Free Space | 27.67% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 148.92 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: DELL470 | User Name: cat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/23 13:46:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Downloads\OTL.com
PRC - [2011/04/14 18:08:56 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/14 18:08:52 | 000,352,144 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/18 11:18:58 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/03/18 11:18:54 | 000,880,184 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/03/09 11:01:41 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2010/12/05 14:14:30 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2010/10/30 23:45:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/16 00:22:16 | 005,206,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/04/16 00:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/03/23 02:35:14 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/06/29 13:39:36 | 000,266,338 | ---- | M] () -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2006/06/29 13:39:36 | 000,118,880 | ---- | M] () -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
PRC - [2005/02/16 08:06:16 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Analyze This\HijackThis.exe
PRC - [2001/11/12 11:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2011/04/23 13:46:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Downloads\OTL.com
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/14 18:08:52 | 000,352,144 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/04/16 00:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/23 02:35:14 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/06/29 13:39:36 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/29 13:39:36 | 000,118,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/06/29 13:39:18 | 001,073,152 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2001/11/12 11:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/09/16 07:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 07:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 07:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 07:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/03 19:28:32 | 001,451,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2006/11/30 13:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2005/02/03 08:59:26 | 000,347,904 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smwdm.sys -- (smwdm)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files (x86)\LiveTV_\tbLiv1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...FORM=VE3D01&q="
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{E0BF9931-41CC-4F2D-99A4-F4664CB074AD}: C:\Windows\system32\config\systemprofile\AppData\Local\{E0BF9931-41CC-4F2D-99A4-F4664CB074AD}\ [2010/10/27 19:53:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/11 16:20:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/03 14:56:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/11 16:20:40 | 000,000,000 | ---D | M]

[2009/10/08 11:51:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\cat\AppData\Roaming\Mozilla\Extensions
[2011/04/23 13:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\93mb1n2c.default\extensions
[2011/04/11 16:20:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\93mb1n2c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 14:04:16 | 000,002,164 | -H-- | M] () -- C:\Users\cat\AppData\Roaming\Mozilla\Firefox\Profiles\93mb1n2c.default\searchplugins\bing.xml
[2011/04/20 20:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/11 16:20:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/11 16:20:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CAT\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2011/04/23 13:07:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LiveTV_ Toolbar) - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files (x86)\LiveTV_\tbLiv1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (LiveTV_ Toolbar) - {59385f95-c52f-4a84-b674-4a4206b17218} - C:\Program Files (x86)\LiveTV_\tbLiv1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (LiveTV_ Toolbar) - {59385F95-C52F-4A84-B674-4A4206B17218} - C:\Program Files (x86)\LiveTV_\tbLiv1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: () - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/23 14:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/23 14:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/04/23 14:05:52 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\cat\Desktop\LSPFix.exe
[2011/04/23 13:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/04/23 13:29:24 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\cat\Desktop\TDSSKiller.exe
[2011/04/23 13:27:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/23 13:17:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/23 12:59:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/23 12:59:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/23 12:59:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/23 12:59:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/23 12:57:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/22 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\cat\Desktop\SURVIVALIST
[2011/04/22 00:14:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/04/20 21:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/04/20 21:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/20 21:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/20 21:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/04/20 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\cat\Desktop\TOTES
[2011/04/12 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\cat\Desktop\INTERNET EXPLORER
[2011/04/12 10:41:07 | 000,000,000 | ---D | C] -- C:\Users\cat\Desktop\homes2
[2011/04/12 08:58:48 | 000,000,000 | ---D | C] -- C:\Users\cat\Desktop\Libraries
[2011/04/09 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\ParetoLogic
[2011/04/09 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\DriverCure
[2011/04/09 23:55:19 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/04/09 23:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/04/09 23:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/04/07 10:11:53 | 000,000,000 | -H-D | C] -- C:\Users\cat\Desktop\SHOPPING

========== Files - Modified Within 30 Days ==========

[2011/04/23 15:38:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 14:59:31 | 000,000,928 | ---- | M] () -- C:\Users\cat\Desktop\NTREGOPT.lnk
[2011/04/23 14:59:31 | 000,000,909 | ---- | M] () -- C:\Users\cat\Desktop\ERUNT.lnk
[2011/04/23 14:20:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 14:20:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/23 13:07:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/23 12:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/23 10:52:26 | 3169,443,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 23:14:11 | 000,010,461 | ---- | M] () -- C:\Users\cat\Desktop\Mill-Rite™ Grain Mill.rtf
[2011/04/22 20:54:35 | 000,003,490 | ---- | M] () -- C:\Users\cat\Desktop\Mil-Rite Grain.rtf
[2011/04/22 08:08:22 | 000,000,192 | ---- | M] () -- C:\Users\cat\Desktop\null0
[2011/04/21 21:38:16 | 000,000,000 | ---- | M] () -- C:\Users\cat\Desktop\null0.9813800352281536.exe
[2011/04/21 10:53:16 | 000,000,978 | ---- | M] () -- C:\Users\cat\Desktop\TROJANS.rtf
[2011/04/20 22:31:01 | 000,000,522 | ---- | M] () -- C:\Users\cat\Desktop\virus.rtf
[2011/04/20 21:48:10 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/04/20 21:48:06 | 000,001,225 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4 Beta.lnk
[2011/04/20 21:40:35 | 000,001,998 | ---- | M] () -- C:\Users\cat\Desktop\docs.rtf
[2011/04/20 21:36:39 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/04/20 21:04:08 | 000,001,262 | ---- | M] () -- C:\Users\cat\Desktop\Spybot - Search & Destroy.lnk
[2011/04/19 23:51:22 | 000,587,921 | ---- | M] () -- C:\Users\cat\Desktop\PURCHASE.rtf
[2011/04/19 20:47:02 | 000,721,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/19 20:47:02 | 000,620,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/19 20:47:02 | 000,105,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/19 20:46:11 | 002,209,501 | ---- | M] () -- C:\Users\cat\Desktop\P1030642.JPG
[2011/04/19 20:45:32 | 002,243,402 | ---- | M] () -- C:\Users\cat\Desktop\P1030639.JPG
[2011/04/19 20:40:48 | 002,788,091 | ---- | M] () -- C:\Users\cat\Desktop\P1030641.JPG
[2011/04/19 20:40:44 | 002,778,015 | ---- | M] () -- C:\Users\cat\Desktop\P1030640.JPG
[2011/04/18 23:17:07 | 000,000,261 | ---- | M] () -- C:\Users\cat\Desktop\YouTube - COLLAPSE ( FULL MOVIE ).url
[2011/04/17 21:37:14 | 261,339,873 | ---- | M] () -- C:\Users\cat\Desktop\Minoan Light.rtf
[2011/04/17 20:29:34 | 001,877,989 | ---- | M] () -- C:\Users\cat\Desktop\P1030623.JPG
[2011/04/17 20:28:28 | 003,591,944 | ---- | M] () -- C:\Users\cat\Desktop\P1030614.JPG
[2011/04/17 20:18:39 | 003,531,545 | ---- | M] () -- C:\Users\cat\Desktop\P1030610.JPG
[2011/04/17 20:08:06 | 001,527,973 | ---- | M] () -- C:\Users\cat\Desktop\P1030629.JPG
[2011/04/17 20:07:44 | 001,919,542 | ---- | M] () -- C:\Users\cat\Desktop\P1030628.JPG
[2011/04/17 20:07:30 | 001,550,543 | ---- | M] () -- C:\Users\cat\Desktop\P1030627.JPG
[2011/04/16 09:27:14 | 003,484,607 | ---- | M] () -- C:\Users\cat\Desktop\P1030613.JPG
[2011/04/16 09:27:00 | 003,448,690 | ---- | M] () -- C:\Users\cat\Desktop\P1030612.JPG
[2011/04/16 09:26:42 | 003,551,271 | ---- | M] () -- C:\Users\cat\Desktop\P1030611.JPG
[2011/04/16 01:17:02 | 000,002,053 | ---- | M] () -- C:\Users\cat\Desktop\BUG OUT.rtf
[2011/04/15 15:28:45 | 000,001,468 | ---- | M] () -- C:\Users\cat\Desktop\Scottsdale.rtf
[2011/04/15 14:37:59 | 000,000,472 | ---- | M] () -- C:\Users\cat\Desktop\Map Where Americans Are Moving - Forbes.com.url
[2011/04/14 13:16:44 | 024,128,588 | ---- | M] () -- C:\Users\cat\Desktop\GREEKS.rtf
[2011/04/13 23:06:45 | 000,001,424 | ---- | M] () -- C:\Users\cat\Desktop\Water Filters.rtf
[2011/04/12 14:22:14 | 000,432,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/12 10:44:57 | 000,000,358 | ---- | M] () -- C:\Users\cat\Desktop\Internet Explorer 9.rtf
[2011/04/11 19:50:11 | 000,000,268 | ---- | M] () -- C:\Users\cat\Desktop\Wide Awake Chat.url
[2011/04/11 14:48:32 | 000,012,104 | -HS- | M] () -- C:\Users\cat\AppData\Local\yth666jq165614i6ki
[2011/04/11 14:48:32 | 000,012,104 | -HS- | M] () -- C:\ProgramData\yth666jq165614i6ki
[2011/04/10 21:11:26 | 000,802,231 | ---- | M] () -- C:\Users\cat\AppData\Local\census.cache
[2011/04/10 21:11:13 | 000,107,319 | ---- | M] () -- C:\Users\cat\AppData\Local\ars.cache
[2011/04/10 00:53:53 | 000,000,265 | ---- | M] () -- C:\Users\cat\Desktop\PCHA.rtf
[2011/04/07 14:40:34 | 000,000,396 | -H-- | M] () -- C:\Users\cat\Desktop\YouTube - Broadcast Yourself..url
[2011/04/07 11:27:55 | 000,000,196 | ---- | M] () -- C:\Users\cat\Desktop\Silver Charts.url
[2011/04/07 11:07:44 | 000,000,128 | ---- | M] () -- C:\ProgramData\~46915336r
[2011/04/07 11:07:44 | 000,000,104 | ---- | M] () -- C:\ProgramData\~46915336
[2011/04/07 10:50:20 | 000,000,392 | ---- | M] () -- C:\ProgramData\46915336
[2011/04/06 08:38:19 | 000,004,891 | -H-- | M] () -- C:\Users\cat\Desktop\AIR COND.rtf
[2011/04/05 16:44:16 | 000,050,187 | -H-- | M] () -- C:\Users\cat\Desktop\hitler50i[1].jpg
[2011/04/04 23:09:02 | 000,003,069 | -H-- | M] () -- C:\Users\cat\Desktop\Aluminum Co2 Tank.rtf
[2011/04/01 22:05:52 | 001,559,000 | -H-- | M] () -- C:\Users\cat\Desktop\Vent.rtf
[2011/04/01 12:10:07 | 000,002,413 | -H-- | M] () -- C:\Users\cat\Desktop\Buckets.rtf
[2011/03/31 19:00:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/03/31 12:59:25 | 000,002,794 | -H-- | M] () -- C:\Users\cat\Desktop\Global Sun Ovens.rtf
[2011/03/28 22:15:41 | 000,003,640 | -H-- | M] () -- C:\Users\cat\Desktop\Food Storage Sources.rtf
[2011/03/28 14:41:07 | 000,006,920 | -H-- | M] () -- C:\Users\cat\Desktop\Nakamichi.rtf
[2011/03/27 23:26:14 | 000,559,549 | -H-- | M] () -- C:\Users\cat\Desktop\Appliance.rtf
[2011/03/27 23:16:32 | 000,004,918 | -H-- | M] () -- C:\Users\cat\Desktop\chk later.rtf
[2011/03/24 21:40:41 | 000,000,174 | -H-- | M] () -- C:\Users\cat\Desktop\Radiation Network.url

========== Files Created - No Company Name ==========

[2011/04/23 14:59:31 | 000,000,928 | ---- | C] () -- C:\Users\cat\Desktop\NTREGOPT.lnk
[2011/04/23 14:59:31 | 000,000,909 | ---- | C] () -- C:\Users\cat\Desktop\ERUNT.lnk
[2011/04/23 14:05:52 | 000,011,445 | ---- | C] () -- C:\Users\cat\Desktop\LSPFix-source.zip
[2011/04/23 12:59:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/23 12:59:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/23 12:59:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/23 12:59:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/23 12:59:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/22 23:13:05 | 000,010,461 | ---- | C] () -- C:\Users\cat\Desktop\Mill-Rite™ Grain Mill.rtf
[2011/04/22 20:54:35 | 000,003,490 | ---- | C] () -- C:\Users\cat\Desktop\Mil-Rite Grain.rtf
[2011/04/22 08:07:31 | 000,000,192 | ---- | C] () -- C:\Users\cat\Desktop\null0
[2011/04/21 21:38:16 | 000,000,000 | ---- | C] () -- C:\Users\cat\Desktop\null0.9813800352281536.exe
[2011/04/21 10:53:16 | 000,000,978 | ---- | C] () -- C:\Users\cat\Desktop\TROJANS.rtf
[2011/04/20 21:48:10 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/04/20 21:48:06 | 000,001,225 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4 Beta.lnk
[2011/04/20 21:42:53 | 000,000,522 | ---- | C] () -- C:\Users\cat\Desktop\virus.rtf
[2011/04/20 21:39:58 | 000,001,998 | ---- | C] () -- C:\Users\cat\Desktop\docs.rtf
[2011/04/20 21:04:08 | 000,001,262 | ---- | C] () -- C:\Users\cat\Desktop\Spybot - Search & Destroy.lnk
[2011/04/19 23:51:21 | 000,587,921 | ---- | C] () -- C:\Users\cat\Desktop\PURCHASE.rtf
[2011/04/19 20:44:58 | 002,209,501 | ---- | C] () -- C:\Users\cat\Desktop\P1030642.JPG
[2011/04/19 20:44:55 | 002,788,091 | ---- | C] () -- C:\Users\cat\Desktop\P1030641.JPG
[2011/04/19 20:44:53 | 002,778,015 | ---- | C] () -- C:\Users\cat\Desktop\P1030640.JPG
[2011/04/19 20:44:36 | 002,243,402 | ---- | C] () -- C:\Users\cat\Desktop\P1030639.JPG
[2011/04/18 23:17:07 | 000,000,261 | ---- | C] () -- C:\Users\cat\Desktop\YouTube - COLLAPSE ( FULL MOVIE ).url
[2011/04/17 21:36:58 | 261,339,873 | ---- | C] () -- C:\Users\cat\Desktop\Minoan Light.rtf
[2011/04/17 20:17:46 | 001,527,973 | ---- | C] () -- C:\Users\cat\Desktop\P1030629.JPG
[2011/04/17 20:17:41 | 001,919,542 | ---- | C] () -- C:\Users\cat\Desktop\P1030628.JPG
[2011/04/17 20:17:33 | 001,550,543 | ---- | C] () -- C:\Users\cat\Desktop\P1030627.JPG
[2011/04/17 20:17:07 | 001,877,989 | ---- | C] () -- C:\Users\cat\Desktop\P1030623.JPG
[2011/04/17 20:16:13 | 003,591,944 | ---- | C] () -- C:\Users\cat\Desktop\P1030614.JPG
[2011/04/17 20:16:06 | 003,484,607 | ---- | C] () -- C:\Users\cat\Desktop\P1030613.JPG
[2011/04/17 20:15:48 | 003,448,690 | ---- | C] () -- C:\Users\cat\Desktop\P1030612.JPG
[2011/04/17 20:15:30 | 003,551,271 | ---- | C] () -- C:\Users\cat\Desktop\P1030611.JPG
[2011/04/17 20:15:24 | 003,531,545 | ---- | C] () -- C:\Users\cat\Desktop\P1030610.JPG
[2011/04/16 01:17:02 | 000,002,053 | ---- | C] () -- C:\Users\cat\Desktop\BUG OUT.rtf
[2011/04/15 15:28:45 | 000,001,468 | ---- | C] () -- C:\Users\cat\Desktop\Scottsdale.rtf
[2011/04/15 14:37:59 | 000,000,472 | ---- | C] () -- C:\Users\cat\Desktop\Map Where Americans Are Moving - Forbes.com.url
[2011/04/14 13:16:43 | 024,128,588 | ---- | C] () -- C:\Users\cat\Desktop\GREEKS.rtf
[2011/04/13 23:06:45 | 000,001,424 | ---- | C] () -- C:\Users\cat\Desktop\Water Filters.rtf
[2011/04/12 10:44:57 | 000,000,358 | ---- | C] () -- C:\Users\cat\Desktop\Internet Explorer 9.rtf
[2011/04/11 19:50:11 | 000,000,268 | ---- | C] () -- C:\Users\cat\Desktop\Wide Awake Chat.url
[2011/04/11 14:46:27 | 000,012,104 | -HS- | C] () -- C:\Users\cat\AppData\Local\yth666jq165614i6ki
[2011/04/11 14:46:27 | 000,012,104 | -HS- | C] () -- C:\ProgramData\yth666jq165614i6ki
[2011/04/10 00:53:52 | 000,000,265 | ---- | C] () -- C:\Users\cat\Desktop\PCHA.rtf
[2011/04/09 16:37:16 | 000,802,231 | ---- | C] () -- C:\Users\cat\AppData\Local\census.cache
[2011/04/09 16:37:07 | 000,107,319 | ---- | C] () -- C:\Users\cat\AppData\Local\ars.cache
[2011/04/07 11:27:55 | 000,000,196 | ---- | C] () -- C:\Users\cat\Desktop\Silver Charts.url
[2011/04/07 10:44:38 | 000,000,128 | ---- | C] () -- C:\ProgramData\~46915336r
[2011/04/07 10:44:37 | 000,000,104 | ---- | C] () -- C:\ProgramData\~46915336
[2011/04/07 10:44:33 | 000,000,392 | ---- | C] () -- C:\ProgramData\46915336
[2011/04/05 16:47:29 | 000,050,187 | -H-- | C] () -- C:\Users\cat\Desktop\hitler50i[1].jpg
[2011/04/04 23:09:02 | 000,003,069 | -H-- | C] () -- C:\Users\cat\Desktop\Aluminum Co2 Tank.rtf
[2011/03/31 12:59:25 | 000,002,794 | -H-- | C] () -- C:\Users\cat\Desktop\Global Sun Ovens.rtf
[2011/03/28 22:15:41 | 000,003,640 | -H-- | C] () -- C:\Users\cat\Desktop\Food Storage Sources.rtf
[2011/03/27 21:48:07 | 000,006,920 | -H-- | C] () -- C:\Users\cat\Desktop\Nakamichi.rtf
[2011/03/26 01:04:41 | 000,559,549 | -H-- | C] () -- C:\Users\cat\Desktop\Appliance.rtf
[2011/03/24 23:52:28 | 001,559,000 | -H-- | C] () -- C:\Users\cat\Desktop\Vent.rtf
[2011/03/24 21:40:41 | 000,000,174 | -H-- | C] () -- C:\Users\cat\Desktop\Radiation Network.url
[2011/03/02 10:17:58 | 000,011,086 | -HS- | C] () -- C:\Users\cat\AppData\Local\2774976125
[2011/03/02 10:17:58 | 000,011,086 | -HS- | C] () -- C:\ProgramData\2774976125
[2011/02/03 13:30:27 | 000,008,482 | -H-- | C] () -- C:\Users\cat\AppData\Roaming\8CCA.9EE
[2010/10/30 19:36:18 | 000,012,800 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2010/10/30 16:28:35 | 000,000,036 | -H-- | C] () -- C:\Users\cat\AppData\Local\housecall.guid.cache
[2010/09/02 16:53:38 | 000,000,120 | -H-- | C] () -- C:\Users\cat\AppData\Local\Glefewizuteroyo.dat
[2010/09/02 16:53:38 | 000,000,000 | -H-- | C] () -- C:\Users\cat\AppData\Local\Ekocuwafonutu.bin
[2009/11/03 09:54:01 | 000,734,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/09 13:00:30 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/10/08 11:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/10 19:43:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/20 07:29:32 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/06 08:27:37 | 000,148,985 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/04/06 08:27:24 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/04/05 15:13:28 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009/04/05 11:51:02 | 000,001,322 | ---- | C] () -- C:\Windows\ntbackup.ini
[2009/04/05 08:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/05 07:36:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

========== LOP Check ==========

[2010/11/19 21:52:31 | 000,000,000 | -H-D | M] -- C:\Users\cat\AppData\Roaming\DassaultSystemes
[2011/04/23 14:26:09 | 000,000,000 | -H-D | M] -- C:\Users\cat\AppData\Roaming\DD73561CACC50BBB084E3545BAD28820
[2011/04/09 23:55:43 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\DriverCure
[2009/10/08 11:50:51 | 000,000,000 | -H-D | M] -- C:\Users\cat\AppData\Roaming\Image Zone Express
[2011/04/20 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\IObit
[2011/04/11 16:20:44 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Livestation
[2011/04/11 16:20:44 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Mchid
[2011/04/11 16:14:26 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\OpenOffice.org
[2010/10/28 22:08:40 | 000,000,000 | -H-D | M] -- C:\Users\cat\AppData\Roaming\Paltalk
[2011/04/09 23:55:43 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\ParetoLogic
[2009/10/08 11:51:05 | 000,000,000 | -H-D | M] -- C:\Users\cat\AppData\Roaming\Printer Info Cache
[2011/04/10 20:47:37 | 000,000,000 | -H-D | M] -- C:\Users\cat\AppData\Roaming\TeamViewer
[2009/10/08 11:51:07 | 000,000,000 | -H-D | M] -- C:\Users\cat\AppData\Roaming\VoipStunt
[2010/12/19 12:18:32 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


________________________________________________________________

.... and the one called extra




OTL Extras logfile created on: 4/23/2011 2:16:29 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\cat\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.01 Gb Total Space | 41.41 Gb Free Space | 27.79% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 148.92 Gb Free Space | 99.94% Space Free | Partition Type: NTFS

Computer Name: DELL470 | User Name: cat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B3E699B5-7EEE-4AB1-A7BB-A43B7B4D94ED}" = Windows NT Backup - Restore Utility
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE04D80B-ECEA-3228-4901-78CF0E480CA4}" = ATI Catalyst Install Manager
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Catalyst Media Center
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{295CC650-E4D0-11DE-8A39-0800200C9A66}" = Livestation
"{2B14A44F-5815-4136-9ECF-B56E928CEC0F}" = 6200
"{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}" = 3DVIA Shape for Maps
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F50839-A069-4903-B6B5-E438077A42ED}" = ATI TV Settings
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB3A70-25E1-4D41-BDFF-7ED20C07D623}" = 6200Trb
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7985F97F-7363-4A1E-80B9-50C4F0E8D19E}" = 6200_Help
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+™ for Windows® System - ATI
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5B549D3-953F-4101-A1B9-A1465069B996}" = PerSonoCall Consumer Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = Catalyst Media Center DVD Authoring Module
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4 Beta 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 1.99.1
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"LiveTV_ Toolbar" = LiveTV_ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero8Lite_is1" = Nero 8 Micro 8.3.2.1b
"OpenAL" = OpenAL
"PROR" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"VoipStunt_is1" = VoipStunt
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = Remote Wonder Series Driver and Control Panel
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >





------------------------------------------------
RogueKiller Log below. I ran it and used the proxy Fix and this is the final log:
------------------------------------------------
RogueKiller V4.3.9 [04/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: cat [Admin rights]
Mode: Scan -- Date : 04/23/2011 15:16:09

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt



-----------------------------------
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP