Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need Help with a Winlog.exe infection/backdoor

Started by BrandonKeith , Jul 01 2011 10:21 PM

  • This topic is locked This topic is locked

#1
BrandonKeith
Posted 01 July 2011 - 10:21 PM

BrandonKeith

    Member

  • Member
  • PipPip
  • 35 posts
Ok, so I noticed when I opened firefox that it prompted me to install the new update, then I got an error message saying firefox was already open.. Checked my processes and there was already a small memory process of about 8mb running.. So I killed it manually to install my update.. Before I could open firefox I notice the process start up again automatically right before I closed the control. Ran an MB scan and it found a backdoor running. Did a quick quarantine, MB removed everything, did a full system scan after that and no issues, so I restarted.

Everything MB removed was back. Got it isolated and killed off again, went and found the registry key and deleted it manually. Restarted again, and once again all the malware files and reg key had re-populated. Can't find any info on what it is or how to find and kill it so I've come back to the guys who have helped me in the past. Here's my OTL logs.



OTL logfile created on: 7/1/2011 9:00:02 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Spook\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 73.48% Memory free
16.00 Gb Paging File | 13.66 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 183.25 Gb Free Space | 30.74% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 468.39 Gb Free Space | 78.57% Space Free | Partition Type: NTFS

Computer Name: GAMEBOX | User Name: Spook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 20:58:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
PRC - [2011/06/29 08:38:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/24 23:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2011/01/18 06:40:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/05/25 10:33:50 | 006,017,024 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/07/01 20:58:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 02:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/06/01 19:55:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/24 23:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/18 06:40:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 16:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/22 00:54:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 02:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/17 18:54:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/16 21:25:58 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/04/16 21:25:58 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/03/18 02:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 02:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/08/23 14:08:08 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/22 07:46:40 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 02:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/19 00:47:48 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/04/18 16:36:00 | 000,477,184 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw18bda.sys -- (hcw18bda)
DRV:64bit: - [2006/08/18 13:18:10 | 000,010,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,136,952 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,044,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2006/08/18 13:17:58 | 000,143,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2006/08/18 13:17:56 | 000,033,656 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,041,976 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,018,040 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2006/08/18 13:17:52 | 000,141,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2006/08/11 11:06:00 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2006/08/11 10:35:26 | 000,039,288 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2006/07/21 11:21:28 | 000,122,776 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV - [2005/01/02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://newgrounds.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.newgrounds.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.53.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/29 08:38:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/29 08:38:17 | 000,000,000 | ---D | M]

[2010/04/16 10:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spook\AppData\Roaming\Mozilla\Extensions
[2011/06/30 04:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions
[2010/04/28 06:28:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 14:28:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\[email protected]
[2011/04/13 15:38:58 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\[email protected]
[2011/01/09 13:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/06 10:07:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 07:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 10:06:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 13:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2010/04/22 03:45:42 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13565 more lines...
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HKCU] C:\Users\Spook\AppData\Roaming\winlog\winlog.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Spook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Spook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/25 20:35:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e8b48c4a-5bef-11dd-b72a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b48c4a-5bef-11dd-b72a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 20:58:46 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
[2011/07/01 18:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Roaming\Malwarebytes
[2011/07/01 18:33:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/01 18:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/01 18:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/01 18:33:19 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/01 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/01 18:32:39 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Spook\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/30 12:22:49 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\flash
[2011/06/30 07:54:55 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\More Hmmm
[2011/06/29 17:41:16 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\Build ALTIMIT OS
[2011/06/28 07:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/28 07:45:13 | 000,000,000 | ---D | C] -- C:\Users\Spook\Documents\Aura Video Editor
[2011/06/26 03:16:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/06/24 16:16:03 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{8518EE69-23AF-4B0A-8974-566FEF4704D8}
[2011/06/20 16:44:20 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/06/20 16:44:09 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/06/20 07:15:19 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{01D3FCD8-A4FE-4D2A-8BE0-050169378311}
[2011/06/18 03:03:51 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{8638304C-EDA4-4BA3-92C3-01254BAC6395}
[2011/06/17 07:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/16 23:05:55 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\Steve Martin Movies
[2011/06/14 01:13:46 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{A9DBD412-B237-45C5-96FC-E50FAD7A9B15}
[2011/06/12 05:02:59 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{9DCB630B-7CEC-4C50-9279-3AE46B54448B}
[2011/06/11 15:32:50 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{455B8098-CCB3-401A-AA5B-918A0EE568EE}
[2011/06/03 16:15:47 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/06/03 16:15:47 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/06/02 02:44:47 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{504E7EEA-EBA2-451F-80F7-0372475A61F4}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 20:58:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
[2011/07/01 20:45:13 | 000,009,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 20:45:13 | 000,009,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 20:40:37 | 000,805,408 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/01 20:40:37 | 000,679,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/01 20:40:37 | 000,127,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/01 20:36:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 18:33:23 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 18:32:55 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Spook\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/01 18:31:33 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/01 18:28:52 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/29 09:29:21 | 000,251,040 | ---- | M] () -- C:\Users\Spook\Desktop\Firefox Books.html
[2011/06/29 08:44:38 | 000,480,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 07:45:52 | 000,004,608 | ---- | M] () -- C:\Users\Spook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 07:36:47 | 000,001,818 | ---- | M] () -- C:\Users\Spook\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 18:33:23 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 16:04:45 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/29 09:29:20 | 000,251,040 | ---- | C] () -- C:\Users\Spook\Desktop\Firefox Books.html
[2011/06/28 07:45:15 | 000,004,608 | ---- | C] () -- C:\Users\Spook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 16:44:48 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/06/20 16:43:58 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/06/20 16:43:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/06/20 16:43:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/06/20 16:43:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011/06/20 16:43:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/06/17 07:36:47 | 000,001,818 | ---- | C] () -- C:\Users\Spook\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/12 10:42:10 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/07/24 06:01:52 | 000,110,872 | ---- | C] () -- C:\Users\Spook\AppData\Roaming\icarus-dxdiag.xml
[2010/07/19 23:39:24 | 000,007,598 | ---- | C] () -- C:\Users\Spook\AppData\Local\Resmon.ResmonCfg
[2010/04/16 17:00:41 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/04/16 17:00:41 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/04/16 09:36:46 | 000,756,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/02 12:26:39 | 000,000,760 | ---- | C] () -- C:\Users\Spook\AppData\Roaming\setup_ldm.iss
[2010/01/12 17:46:26 | 000,038,407 | ---- | C] () -- C:\Windows\scunin.dat
[2009/10/18 13:10:17 | 002,103,957 | ---- | C] () -- C:\Windows\SysWow64\vt.exe
[2009/09/29 18:20:46 | 000,065,358 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2009/09/22 15:01:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/12 15:38:05 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/07/05 22:35:59 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 20:22:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/02/10 17:42:31 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/02/10 17:42:30 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/02/10 17:42:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/01/30 22:41:25 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/10/20 20:24:40 | 000,176,462 | ---- | C] () -- C:\Windows\hpwins19.dat.temp
[2008/10/20 20:24:40 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp
[2008/10/16 18:25:20 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2008/10/16 18:03:25 | 000,176,390 | ---- | C] () -- C:\Windows\hpwins19.dat
[2008/08/22 23:02:23 | 000,000,248 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2008/08/22 23:01:46 | 000,031,083 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/08/22 23:01:39 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2008/08/22 23:01:19 | 000,000,413 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/22 23:01:19 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/08/22 23:01:17 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
[2008/08/22 23:00:51 | 000,002,296 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008/08/14 00:30:04 | 000,056,056 | ---- | C] () -- C:\Windows\SysWow64\DLAAPI_W.DLL
[2008/08/14 00:30:04 | 000,000,130 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/08 18:10:21 | 000,003,548 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/30 21:47:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/07/27 08:21:53 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/07/27 08:21:53 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/07/27 08:01:37 | 000,033,108 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/07/27 08:01:23 | 000,032,646 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/07/27 08:01:23 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/07 07:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2006/11/29 12:08:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/09/20 23:02:32 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/09/20 23:02:32 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/04/16 10:04:17 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/15 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools Lite
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools Pro
[2009/02/01 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\GetRightToGo
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\GOOD EVENING
[2010/04/16 10:04:20 | 000,000,000 | -H-D | M] -- C:\Users\Spook\AppData\Roaming\ijjigame
[2010/04/16 16:40:32 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Leadertech
[2010/04/16 10:04:33 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\NationRed
[2008/09/14 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\NetMedia Providers
[2010/04/16 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Publish Providers
[2010/04/16 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Research In Motion
[2010/04/16 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Sony
[2002/01/01 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\SystemRequirementsLab
[2011/01/19 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\TuneUp Software
[2011/07/01 15:52:30 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\uTorrent
[2011/05/18 03:50:44 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\wargaming.net
[2010/10/30 23:46:35 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Windows Live Writer
[2005/08/25 17:27:57 | 000,000,000 | RHSD | M] -- C:\Users\Spook\AppData\Roaming\winlog
[2011/01/06 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\XRay Engine
[2009/07/13 22:08:49 | 000,031,166 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >






OTL Extras logfile created on: 7/1/2011 9:00:02 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Spook\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 73.48% Memory free
16.00 Gb Paging File | 13.66 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 183.25 Gb Free Space | 30.74% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 468.39 Gb Free Space | 78.57% Space Free | Partition Type: NTFS

Computer Name: GAMEBOX | User Name: Spook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- Reg Error: Value error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"SP6" = Logitech SetPoint 6.15

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.4
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 23
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2877881B-0736-42AB-B312-D4457D57E56D}" = BlackBerry Device Software Updater
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java™ SE Development Kit 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor ™
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_Access_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B668B8B2-821E-417D-8FE8-AA3BC52064DD}" = Sony ACID Music Studio 5.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1" = Wings of Prey 1.0.3.6
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD93976F-D5AC-4C70-805A-9D5BB2210D08}" = Roxio CinePlayer DVD Decoder for Windows Vista
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DefilerPak" = DefilerPak 1.22 (Remove Only)
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.AccessR" = Microsoft Access 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 1.9.0
"Starcraft" = Starcraft
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 19900" = Far Cry 2
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 22380" = Fallout: New Vegas
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 36620" = Forsaken World
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38220" = Section 8
"Steam App 40000" = Fallen Earth
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 4560" = Company of Heroes
"Steam App 48160" = Tom Clancy's H.A.W.X. 2
"Steam App 500" = Left 4 Dead
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"Steam App 8190" = Just Cause 2
"Steam App 8850" = BioShock 2
"Steam App 9310" = Warhammer 40,000: Dawn of War – Winter Assault
"Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm
"Steam App 9480" = Saints Row 2
"SystemRequirementsLab" = System Requirements Lab
"VISPRO" = Microsoft Office Visio Professional 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"yuPlay клиент_is1" = yuPlay client 0.7.17

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements

#2
ali.B
Posted 06 July 2011 - 03:12 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O4 - HKCU..\Run: [HKCU] C:\Users\Spook\AppData\Roaming\winlog\winlog.exe ()
O33 - MountPoints2\{e8b48c4a-5bef-11dd-b72a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b48c4a-5bef-11dd-b72a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
[2010/11/12 10:42:10 | 000,008,192 | -HS- | C] () -- C:\Windows\SysWow64\srvany.exe
[2005/08/25 17:27:57 | 000,000,000 | RHSD | M] -- C:\Users\Spook\AppData\Roaming\winlog

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces


Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#3
BrandonKeith
Posted 06 July 2011 - 03:59 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Alright, after reboot, didn't see any background browsers processes spring up, but what was strange is that I had the OTL.exe on my desktop and I had to download it again because it was missing from my system after reboot. In addition to that I now have 2 desktop.ini and 4 album art hidden files visible on my desktop.

Here are my MB and OTL logs.



Scan type: Quick scan
Objects scanned: 184696
Time elapsed: 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 7/6/2011 2:55:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Spook\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.74% Memory free
16.00 Gb Paging File | 13.74 Gb Available in Paging File | 85.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 180.18 Gb Free Space | 30.22% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 468.39 Gb Free Space | 78.57% Space Free | Partition Type: NTFS

Computer Name: GAMEBOX | User Name: Spook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 14:52:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
PRC - [2011/06/29 08:38:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/24 23:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/18 06:40:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/05/25 10:33:50 | 006,017,024 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 14:52:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 02:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/06/01 19:55:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/24 23:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/18 06:40:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 16:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/22 00:54:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 02:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/17 18:54:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/16 21:25:58 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/04/16 21:25:58 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/03/18 02:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 02:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/08/23 14:08:08 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/22 07:46:40 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 02:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/19 00:47:48 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/04/18 16:36:00 | 000,477,184 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw18bda.sys -- (hcw18bda)
DRV:64bit: - [2006/08/18 13:18:10 | 000,010,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,136,952 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,044,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2006/08/18 13:17:58 | 000,143,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2006/08/18 13:17:56 | 000,033,656 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,041,976 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,018,040 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2006/08/18 13:17:52 | 000,141,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2006/08/11 11:06:00 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2006/08/11 10:35:26 | 000,039,288 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2006/07/21 11:21:28 | 000,122,776 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV - [2005/01/02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://newgrounds.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.newgrounds.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.53.2


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/03 17:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/03 17:58:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/03 17:58:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/03 17:58:44 | 000,000,000 | ---D | M]

[2010/04/16 10:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spook\AppData\Roaming\Mozilla\Extensions
[2011/07/04 05:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions
[2010/04/28 06:28:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 14:28:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\[email protected]
[2011/04/13 15:38:58 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\[email protected]
[2011/07/02 05:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/06 10:07:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 07:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 10:06:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 13:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2010/04/22 03:45:42 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13565 more lines...
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Spook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Spook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/25 20:35:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 14:52:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
[2011/07/06 14:38:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/01 18:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Roaming\Malwarebytes
[2011/07/01 18:33:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/01 18:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/01 18:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/01 18:33:19 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/01 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/30 12:22:49 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\flash
[2011/06/30 07:54:55 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\More Hmmm
[2011/06/29 17:41:16 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\Build ALTIMIT OS
[2011/06/28 07:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/28 07:45:13 | 000,000,000 | ---D | C] -- C:\Users\Spook\Documents\Aura Video Editor
[2011/06/26 03:16:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/06/24 16:16:03 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{8518EE69-23AF-4B0A-8974-566FEF4704D8}
[2011/06/20 16:44:20 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/06/20 16:44:09 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/06/20 07:15:19 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{01D3FCD8-A4FE-4D2A-8BE0-050169378311}
[2011/06/18 03:03:51 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{8638304C-EDA4-4BA3-92C3-01254BAC6395}
[2011/06/17 07:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/16 23:05:55 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\Steve Martin Movies
[2011/06/14 01:13:46 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{A9DBD412-B237-45C5-96FC-E50FAD7A9B15}
[2011/06/12 05:02:59 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{9DCB630B-7CEC-4C50-9279-3AE46B54448B}
[2011/06/11 15:32:50 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{455B8098-CCB3-401A-AA5B-918A0EE568EE}

========== Files - Modified Within 30 Days ==========

[2011/07/06 14:52:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
[2011/07/06 14:51:29 | 000,009,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 14:51:29 | 000,009,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 14:48:51 | 000,805,408 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/06 14:48:51 | 000,679,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/06 14:48:51 | 000,127,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/06 14:41:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 18:33:23 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 18:31:33 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/01 18:28:52 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/29 09:29:21 | 000,251,040 | ---- | M] () -- C:\Users\Spook\Desktop\Firefox Books.html
[2011/06/29 08:44:38 | 000,480,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 07:45:52 | 000,004,608 | ---- | M] () -- C:\Users\Spook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 07:36:47 | 000,001,818 | ---- | M] () -- C:\Users\Spook\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/07/01 18:33:23 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 16:04:45 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/29 09:29:20 | 000,251,040 | ---- | C] () -- C:\Users\Spook\Desktop\Firefox Books.html
[2011/06/28 07:45:15 | 000,004,608 | ---- | C] () -- C:\Users\Spook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 16:44:48 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/06/20 16:43:58 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/06/20 16:43:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/06/20 16:43:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/06/20 16:43:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011/06/20 16:43:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/06/17 07:36:47 | 000,001,818 | ---- | C] () -- C:\Users\Spook\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/07/24 06:01:52 | 000,110,872 | ---- | C] () -- C:\Users\Spook\AppData\Roaming\icarus-dxdiag.xml
[2010/07/19 23:39:24 | 000,007,598 | ---- | C] () -- C:\Users\Spook\AppData\Local\Resmon.ResmonCfg
[2010/04/16 17:00:41 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/04/16 17:00:41 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/04/16 09:36:46 | 000,756,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/02 12:26:39 | 000,000,760 | ---- | C] () -- C:\Users\Spook\AppData\Roaming\setup_ldm.iss
[2010/01/12 17:46:26 | 000,038,407 | ---- | C] () -- C:\Windows\scunin.dat
[2009/10/18 13:10:17 | 002,103,957 | ---- | C] () -- C:\Windows\SysWow64\vt.exe
[2009/09/29 18:20:46 | 000,065,358 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2009/09/22 15:01:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/12 15:38:05 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/07/05 22:35:59 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 20:22:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/02/10 17:42:31 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/02/10 17:42:30 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/02/10 17:42:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/01/30 22:41:25 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/10/20 20:24:40 | 000,176,462 | ---- | C] () -- C:\Windows\hpwins19.dat.temp
[2008/10/20 20:24:40 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp
[2008/10/16 18:25:20 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2008/10/16 18:03:25 | 000,176,390 | ---- | C] () -- C:\Windows\hpwins19.dat
[2008/08/22 23:02:23 | 000,000,248 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2008/08/22 23:01:46 | 000,031,083 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/08/22 23:01:39 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2008/08/22 23:01:19 | 000,000,413 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/22 23:01:19 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/08/22 23:01:17 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
[2008/08/22 23:00:51 | 000,002,296 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008/08/14 00:30:04 | 000,056,056 | ---- | C] () -- C:\Windows\SysWow64\DLAAPI_W.DLL
[2008/08/14 00:30:04 | 000,000,130 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/08 18:10:21 | 000,003,548 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/30 21:47:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/07/27 08:21:53 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/07/27 08:21:53 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/07/27 08:01:37 | 000,033,108 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/07/27 08:01:23 | 000,032,646 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/07/27 08:01:23 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/07 07:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2006/11/29 12:08:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/09/20 23:02:32 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/09/20 23:02:32 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/04/16 10:04:17 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/15 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools Lite
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools Pro
[2009/02/01 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\GetRightToGo
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\GOOD EVENING
[2010/04/16 10:04:20 | 000,000,000 | -H-D | M] -- C:\Users\Spook\AppData\Roaming\ijjigame
[2010/04/16 16:40:32 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Leadertech
[2010/04/16 10:04:33 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\NationRed
[2008/09/14 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\NetMedia Providers
[2010/04/16 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Publish Providers
[2010/04/16 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Research In Motion
[2010/04/16 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Sony
[2002/01/01 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\SystemRequirementsLab
[2011/01/19 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\TuneUp Software
[2011/07/01 15:52:30 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\uTorrent
[2011/05/18 03:50:44 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\wargaming.net
[2010/10/30 23:46:35 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Windows Live Writer
[2011/01/06 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\XRay Engine
[2009/07/13 22:08:49 | 000,031,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#4
ali.B
Posted 07 July 2011 - 04:18 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Click Start > Appearance Personalization > Folder Options

Click on the View tab

Click Restore Defaults then click OK

Now

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#5
BrandonKeith
Posted 07 July 2011 - 02:14 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Comp is running same as usual.. I didn't see any slow downs or issues with my system from the infection other than the background browser which since yesterday's fix with OTL is no longer an issue..


MB and ESET didn't find any threats.. here's the logs

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK





Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7034

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/7/2011 11:03:47 AM
mbam-log-2011-07-07 (11-03-47).txt

Scan type: Quick scan
Objects scanned: 185155
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
ali.B
Posted 07 July 2011 - 02:21 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#7
BrandonKeith
Posted 07 July 2011 - 03:34 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Here's the OTL log.


OTL logfile created on: 7/7/2011 2:29:20 PM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Spook\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.83 Gb Available Physical Memory | 60.44% Memory free
16.00 Gb Paging File | 12.92 Gb Available in Paging File | 80.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 179.79 Gb Free Space | 30.16% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 468.39 Gb Free Space | 78.57% Space Free | Partition Type: NTFS

Computer Name: GAMEBOX | User Name: Spook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 14:52:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
PRC - [2011/06/29 08:38:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/24 23:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/11 19:27:06 | 005,121,576 | ---- | M] (Wargaming.net) -- C:\Games\World_of_Tanks\WOTLauncher.exe
PRC - [2011/01/18 06:40:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/05/25 10:33:50 | 006,017,024 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 14:52:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/06 02:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/06/01 19:55:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/24 23:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/18 06:40:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/03 16:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/02 12:27:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/22 00:54:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 02:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/17 18:54:13 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/16 21:25:58 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/04/16 21:25:58 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/03/18 02:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 02:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/08/23 14:08:08 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/22 07:46:40 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 02:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/05/19 00:47:48 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/04/18 16:36:00 | 000,477,184 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw18bda.sys -- (hcw18bda)
DRV:64bit: - [2006/08/18 13:18:10 | 000,010,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,136,952 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2006/08/18 13:18:00 | 000,044,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2006/08/18 13:17:58 | 000,143,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2006/08/18 13:17:56 | 000,033,656 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,041,976 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2006/08/18 13:17:54 | 000,018,040 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2006/08/18 13:17:52 | 000,141,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2006/08/11 11:06:00 | 000,063,608 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV:64bit: - [2006/08/11 10:35:26 | 000,039,288 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2006/07/21 11:21:28 | 000,122,776 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV - [2005/01/02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://newgrounds.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.newgrounds.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.53.2


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/03 17:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/03 17:58:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/03 17:58:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/03 17:58:44 | 000,000,000 | ---D | M]

[2010/04/16 10:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spook\AppData\Roaming\Mozilla\Extensions
[2011/07/06 14:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions
[2010/04/28 06:28:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 14:28:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\[email protected]
[2011/04/13 15:38:58 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Spook\AppData\Roaming\Mozilla\Firefox\Profiles\y3rnu0vf.default\extensions\[email protected]
[2011/07/02 05:01:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/06 10:07:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 07:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 10:06:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 13:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2010/04/22 03:45:42 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13565 more lines...
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Spook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Spook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/25 20:35:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 11:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/07/06 14:52:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
[2011/07/06 14:38:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/01 18:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Roaming\Malwarebytes
[2011/07/01 18:33:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/01 18:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/01 18:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/01 18:33:19 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/01 18:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/30 12:22:49 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\flash
[2011/06/30 07:54:55 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\More Hmmm
[2011/06/29 17:41:16 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\Build ALTIMIT OS
[2011/06/28 07:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/28 07:45:13 | 000,000,000 | ---D | C] -- C:\Users\Spook\Documents\Aura Video Editor
[2011/06/26 03:16:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/06/24 16:16:03 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{8518EE69-23AF-4B0A-8974-566FEF4704D8}
[2011/06/20 16:44:20 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/06/20 16:44:09 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/06/20 07:15:19 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{01D3FCD8-A4FE-4D2A-8BE0-050169378311}
[2011/06/18 03:03:51 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{8638304C-EDA4-4BA3-92C3-01254BAC6395}
[2011/06/17 07:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/17 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/16 23:05:55 | 000,000,000 | ---D | C] -- C:\Users\Spook\Desktop\Steve Martin Movies
[2011/06/14 01:13:46 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{A9DBD412-B237-45C5-96FC-E50FAD7A9B15}
[2011/06/12 05:02:59 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{9DCB630B-7CEC-4C50-9279-3AE46B54448B}
[2011/06/11 15:32:50 | 000,000,000 | ---D | C] -- C:\Users\Spook\AppData\Local\{455B8098-CCB3-401A-AA5B-918A0EE568EE}

========== Files - Modified Within 30 Days ==========

[2011/07/07 03:00:16 | 000,009,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 03:00:16 | 000,009,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 14:52:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spook\Desktop\OTL.exe
[2011/07/06 14:48:51 | 000,805,408 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/06 14:48:51 | 000,679,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/06 14:48:51 | 000,127,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/06 14:41:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 18:33:23 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 18:31:33 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/01 18:28:52 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/29 09:29:21 | 000,251,040 | ---- | M] () -- C:\Users\Spook\Desktop\Firefox Books.html
[2011/06/29 08:44:38 | 000,480,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 07:45:52 | 000,004,608 | ---- | M] () -- C:\Users\Spook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 07:36:47 | 000,001,818 | ---- | M] () -- C:\Users\Spook\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/07/01 18:33:23 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 16:04:45 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/29 09:29:20 | 000,251,040 | ---- | C] () -- C:\Users\Spook\Desktop\Firefox Books.html
[2011/06/28 07:45:15 | 000,004,608 | ---- | C] () -- C:\Users\Spook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/20 16:44:48 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/06/20 16:43:58 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/06/20 16:43:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/06/20 16:43:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/06/20 16:43:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011/06/20 16:43:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/06/17 07:36:47 | 000,001,818 | ---- | C] () -- C:\Users\Spook\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/07/24 06:01:52 | 000,110,872 | ---- | C] () -- C:\Users\Spook\AppData\Roaming\icarus-dxdiag.xml
[2010/07/19 23:39:24 | 000,007,598 | ---- | C] () -- C:\Users\Spook\AppData\Local\Resmon.ResmonCfg
[2010/04/16 17:00:41 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/04/16 17:00:41 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/04/16 09:36:46 | 000,756,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/02 12:26:39 | 000,000,760 | ---- | C] () -- C:\Users\Spook\AppData\Roaming\setup_ldm.iss
[2010/01/12 17:46:26 | 000,038,407 | ---- | C] () -- C:\Windows\scunin.dat
[2009/10/18 13:10:17 | 002,103,957 | ---- | C] () -- C:\Windows\SysWow64\vt.exe
[2009/09/29 18:20:46 | 000,065,358 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2009/09/22 15:01:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/12 15:38:05 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/07/05 22:35:59 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 20:22:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/02/10 17:42:31 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/02/10 17:42:30 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/02/10 17:42:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/01/30 22:41:25 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/10/20 20:24:40 | 000,176,462 | ---- | C] () -- C:\Windows\hpwins19.dat.temp
[2008/10/20 20:24:40 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp
[2008/10/16 18:25:20 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2008/10/16 18:03:25 | 000,176,390 | ---- | C] () -- C:\Windows\hpwins19.dat
[2008/08/22 23:02:23 | 000,000,248 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2008/08/22 23:01:46 | 000,031,083 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/08/22 23:01:39 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2008/08/22 23:01:19 | 000,000,413 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/22 23:01:19 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/08/22 23:01:17 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
[2008/08/22 23:00:51 | 000,002,296 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008/08/14 00:30:04 | 000,056,056 | ---- | C] () -- C:\Windows\SysWow64\DLAAPI_W.DLL
[2008/08/14 00:30:04 | 000,000,130 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/08 18:10:21 | 000,003,548 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/07/30 21:47:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2008/07/27 08:21:53 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/07/27 08:21:53 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/07/27 08:01:37 | 000,033,108 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/07/27 08:01:23 | 000,032,646 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/07/27 08:01:23 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/07 07:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2006/11/29 12:08:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/09/20 23:02:32 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/09/20 23:02:32 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/04/16 10:04:17 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/15 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools Lite
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\DAEMON Tools Pro
[2009/02/01 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\GetRightToGo
[2010/04/16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\GOOD EVENING
[2010/04/16 10:04:20 | 000,000,000 | -H-D | M] -- C:\Users\Spook\AppData\Roaming\ijjigame
[2010/04/16 16:40:32 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Leadertech
[2010/04/16 10:04:33 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\NationRed
[2008/09/14 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\NetMedia Providers
[2010/04/16 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Publish Providers
[2010/04/16 10:04:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Research In Motion
[2010/04/16 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Sony
[2002/01/01 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\SystemRequirementsLab
[2011/01/19 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\TuneUp Software
[2011/07/01 15:52:30 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\uTorrent
[2011/05/18 03:50:44 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\wargaming.net
[2010/10/30 23:46:35 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\Windows Live Writer
[2011/01/06 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\Spook\AppData\Roaming\XRay Engine
[2009/07/13 22:08:49 | 000,031,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#8
ali.B
Posted 07 July 2011 - 03:57 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations your logs appear clean :)

Reset and Re-enable your System Restore

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
[clearallrestorepoints]
[createrestorepoint]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you :unsure:
  • 0

#9
BrandonKeith
Posted 07 July 2011 - 07:28 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Ya, I've been using firefox since 2005 and I've had MSE for a while but found it was disabled, did a reinstall and that seems to have cleared that issue up. Usually spybot S&D has been good to me in the past and keeps my browsers immunized, guess the detection engine isn't up to standard anymore.. But anyway, thanks for the help guys.
  • 0

#10
ali.B
Posted 08 July 2011 - 03:46 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP