Returning Trojan That Redirects Google Searches


This topic is locked

#1 Alpaca (New Member, 8 posts)
Hi there,

First off, I would like to say thank you a lot for having a forum up like this! And reading my post!
I really don't know who else to turn to at this point, after weeks and weeks of attempting to fix this myself. (I'm kind of a noob, sorry.)

Basically, I search up something on Google and the search options I click redirect me to an ad site with a similar topic.

I've run SUPERAntiSpyware, Microsoft Security Essentials, and Malwarebytes Anti-Malware.
Malwarebytes always catches a few trojans, and I happily remove them, but when I go back to Google 5 minutes later, my searches are redirected... again!

I'm losing my mind, and I don't know what to do. I just want this trojan to go away!

Thanks again for looking at my post, and helping out people who are in need!
I hope I won't be a bother. If I ask too many questions, sorry. I'm not that bright with computers.

Thank you, again!

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, if you have any questions then do not hesitate to ask :)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

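The instructions above ask for an OTL log because a helper reads a few of its sections first when the complaint is redirected searches: the O17 lines (which DNS servers the machine is using, since a DNS-changing infection is the classic cause), the O20 Winlogon Shell/UserInit lines (whether the values still point only at the expected system binaries) and URLSearchHook/BHO entries whose file no longer exists. As an added example, not part of this thread, nor OldTimer's OTL or Essexboy's procedure, the Python 3.8+ script below applies those three checks to OTL-format lines. The log it runs over is constructed in the layout quoted later in the thread; the {CONSTRUCTED-GUID} interface key, the 203.0.113.x resolvers (an RFC 5737 documentation range) and the example.exe entry are placeholders, and C:\Windows as the system root and the RFC 1918 LAN ranges are assumptions.

```python
"""Triage of OTL-format log lines for search-redirect symptoms.

Added example for this thread; it is not OTL itself nor part of the helper's
instructions. It reads the sections a malware-removal helper checks first when
the complaint is "my searches are redirected": O17 (DNS servers), O20
(Winlogon Shell/UserInit) and orphaned URLSearchHook/BHO entries.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    code: str      # OTL section code the line came from, e.g. "O17"
    severity: str  # "high", "review" or "low"
    detail: str


# Constructed sample, laid out like the OTL sections quoted in the thread.
# {CONSTRUCTED-GUID}, the 203.0.113.x resolvers (RFC 5737 documentation
# range) and example.exe are placeholders, not observed indicators.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CONSTRUCTED-GUID}: NameServer = 203.0.113.5 203.0.113.6
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe,example.exe) - C:\Users\example\AppData\Roaming\example.exe ()
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
"""

# Assumed LAN ranges: RFC 1918, loopback and link-local. A resolver outside
# them proves nothing by itself (public resolvers are common), but a changed
# DNS server is the classic cause of redirected searches, so it is confirmed.
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

DNS_RE = re.compile(r"^O17 - .*\b(DhcpNameServer|NameServer) = (.+)$")
WINLOGON_RE = re.compile(
    r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - (\S.*?)(?: \(([^()]*)\))?$")
ORPHAN_RE = re.compile(r"^(IE|O2|O3)\b.*(\{[0-9A-Fa-f-]{36}\}).*File not found$")
SYSTEM_ROOT = "c:\\windows\\"  # assumed %SystemRoot%, as in the thread's log


def is_lan_address(ip) -> bool:
    return any(ip in net for net in LAN_RANGES)


def check_dns(kind: str, servers: str) -> List[Finding]:
    out = []
    for token in servers.split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an address; OTL sometimes prints other tokens here
        if not is_lan_address(ip):
            out.append(Finding("O17", "review",
                               f"{kind} {ip} is outside the LAN ranges; confirm it is the ISP's or a deliberately chosen resolver"))
    return out


def check_winlogon(name: str, declared: str, resolved: str) -> List[Finding]:
    # Shell should be exactly explorer.exe and UserInit exactly userinit.exe;
    # an extra comma-separated entry or a resolved path outside %SystemRoot%
    # is how a Winlogon persistence entry shows up in an OTL log.
    expected = "explorer.exe" if name == "Shell" else "userinit.exe"
    entries = [e.strip() for e in declared.split(",") if e.strip()]
    wrong = [e for e in entries if e.lower().rsplit("\\", 1)[-1] != expected]
    if len(entries) != 1 or wrong or not resolved.lower().startswith(SYSTEM_ROOT):
        return [Finding("O20", "high",
                        f"Winlogon {name} = ({declared}) resolves to {resolved}; expected a single {expected} under %SystemRoot%")]
    return []


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := DNS_RE.match(line):
            findings.extend(check_dns(m.group(1), m.group(2)))
        elif m := WINLOGON_RE.match(line):
            findings.extend(check_winlogon(m.group(1), m.group(2), m.group(3)))
        elif m := ORPHAN_RE.match(line):
            findings.append(Finding(m.group(1), "low",
                                    f"{m.group(2)} points at a missing file; orphaned entry, cleanup candidate"))
    return findings


def severity_counts(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.detail}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Run it as a script to see the findings for the constructed sample, or call `triage()` on the text of a real OTL.Txt. The only "high" result is the Shell line that lists a second executable resolving to a user profile path; the non-LAN resolvers are reported as "review" rather than "high" on purpose, because the fix for a rogue resolver (and the decision whether it is rogue) belongs to the person reading the log, not to the script.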

#3 Alpaca (Topic Starter, New Member, 8 posts)
Yay!

Okay, so, as I was running OTL, a pop up came up saying:
OTL.exe- No Disk
There is no disk in the drive.
Please insert a disk into drive
device\harddisk2DR2

I just pressed continue multiple times, and I got:


OTL:
OTL logfile created on: 9/4/2011 9:34:29 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\shelly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 66.47% Memory free
5.50 Gb Paging File | 4.07 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 169.62 Gb Free Space | 76.82% Space Free | Partition Type: NTFS
Drive E: | 596.02 Gb Total Space | 462.72 Gb Free Space | 77.63% Space Free | Partition Type: FAT32

Computer Name: SHELLY-PC | User Name: shelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/09/04 09:29:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\shelly\Desktop\OTL.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/12/17 12:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/08/03 14:57:24 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 00:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 03:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/04 00:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/04 00:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/24 13:17:54 | 000,004,096 | ---- | M] () -- E:\MSN+\Messenger Plus! Live\Detoured.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/29 14:42:13 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/29 00:05:26 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/08/13 07:15:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007/02/12 04:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 12:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/28 23:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/29 14:42:13 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/02/03 16:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/13 09:30:14 | 006,201,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/23 11:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/16 22:33:00 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/19 03:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/14 22:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 07:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/07 02:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/05/07 02:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/05/04 19:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/28 23:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 10:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 10:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 10:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/03/28 11:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2006/12/12 03:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/06/17 18:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...33z1m6a48j34284
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...33z1m6a48j34284
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...33z1m6a48j34284
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...33z1m6a48j34284
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A D9 DE 0F AE 2D F7 42 B6 DF DB C8 BB 2A BD F9 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A D9 DE 0F AE 2D F7 42 B6 DF DB C8 BB 2A BD F9 [binary data]

IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...33z1m6a48j34284
IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A D9 DE 0F AE 2D F7 42 B6 DF DB C8 BB 2A BD F9 [binary data]
IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9d320f54-6f87-4837-8915-73a23b1bd995}:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/22 16:53:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/22 16:53:28 | 000,000,000 | ---D | M]

[2011/02/06 14:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shelly\AppData\Roaming\Mozilla\Extensions
[2011/09/03 17:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions
[2011/09/03 15:26:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{2a82c5ea-f5af-4a45-aff3-6c89bf4956de}
[2011/07/29 10:05:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{9d320f54-6f87-4837-8915-73a23b1bd995}
[2011/09/03 10:58:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{a8e7e602-d8a7-4edc-9469-1a7f269fe598}
[2011/09/03 15:12:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/09/04 09:23:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{d0ef1bf3-5b84-41d9-a812-fb0420d77429}
[2011/09/03 14:54:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{f912b74d-1a52-4aa7-95a1-7f09e494a135}
[2011/02/06 14:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {0FDED90A-2DAE-42F7-B6DF-DBC8BB2ABDF9} - C:\Windows\SysWOW64\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - File not found
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [ATIUpdate] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [ATIUpdate] File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001..\Run: [Steam] E:\Steam\Steamer\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\shelly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\shelly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://nxcache.nexon...b.2010.5.03.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7751EA-7DBA-44BD-93EF-58B589E7CAF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F9C127-AE30-460E-A9E1-B5CD28197A86}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/18 16:43:41 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - E:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\{48317e8b-87df-11df-afe7-00269e67e63f}\Shell - "" = AutoRun
O33 - MountPoints2\{48317e8b-87df-11df-afe7-00269e67e63f}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\{daca8986-f562-11de-bedb-00269e67e63f}\Shell - "" = AutoRun
O33 - MountPoints2\{daca8986-f562-11de-bedb-00269e67e63f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 09:29:22 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\shelly\Desktop\OTL.exe
[2011/09/04 09:02:28 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{27CFBFEC-71A4-4ED2-9379-2215E57A25FC}
[2011/09/04 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{4C7F1607-1D11-4FAC-92DC-F31D3D3432C1}
[2011/09/04 08:51:06 | 000,000,000 | R--D | C] -- C:\Users\shelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/09/03 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{81774C92-8713-4418-A26F-173C8DFADFC0}
[2011/09/03 21:01:10 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{3C0A4E40-534F-4FD6-9884-DEE5283F9310}
[2011/09/03 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{B7BB02FF-7F62-4E12-9C59-FEAA420F3A60}
[2011/09/03 09:00:19 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{0B322B47-9CB7-4E0B-A2B9-A7345F9C5946}
[2011/09/02 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{F542D6B8-368C-4DE9-A4D0-32D05151C649}
[2011/09/02 20:57:51 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{88743C63-96ED-4321-B777-75EDDE7E0345}
[2011/09/02 09:06:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/02 09:05:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/02 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{3DF468A6-CE3D-41A0-855A-D4F37D023D83}
[2011/09/02 08:56:57 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{AE556B63-FA6A-497B-8D39-45DA2856E432}
[2011/09/01 20:56:24 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{7BB8208E-F602-4C87-A01E-79A976AC2698}
[2011/09/01 08:55:44 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{BF4CCFBD-74F7-4A65-8246-C0C94F48D515}
[2011/09/01 08:54:16 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{1F9D35E4-D4CE-4BFF-96DD-3CB443688764}
[2011/08/31 19:32:27 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{F76FE708-4DFB-45E2-A423-BACBBDF711D5}
[2011/08/31 07:35:31 | 000,000,000 | ---D | C] -- C:\Users\shelly\Desktop\shelly's summer stuff
[2011/08/31 07:30:40 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{E37A6C71-666A-4292-98C0-A4BFDB2E1A54}
[2011/08/31 07:28:59 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{6DA4B06F-4CB4-4735-BFC3-A7EBBF6342E2}
[2011/08/30 11:27:38 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{011181F2-0CAB-41C9-8847-C46CE2D2FBB0}
[2011/08/30 11:26:29 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{BCD32CA0-7B0E-4173-B4E3-E8FAD0E9366A}
[2011/08/30 11:16:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/30 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/30 11:11:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/30 10:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/30 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/08/30 10:57:10 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{50C42CDD-9F8F-4203-8BE5-DC73CF71F887}
[2011/08/30 10:56:39 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{5F710932-4927-4865-BB47-BFF4199E396A}
[2011/08/30 07:14:47 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{0D451303-AB2C-4ED2-A3E1-09F45F5C2720}
[2011/08/30 07:14:24 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{69507E0D-CC30-471F-B9BF-18B1A726E40A}
[2011/08/29 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{AAAC7392-4058-44A4-82BA-F3998F37FA2C}
[2011/08/29 14:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/08/29 14:41:28 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{A020525B-7249-4CA6-A47C-F69D295F4A02}
[2011/08/29 14:39:41 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{CF4857D6-D74D-45A1-A2CC-2FAC6318FDE3}
[2011/07/29 09:39:46 | 011,688,696 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\shelly\Desktop\*.tmp files -> C:\Users\shelly\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 09:29:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\shelly\Desktop\OTL.exe
[2011/09/04 09:24:18 | 000,000,374 | ---- | M] () -- C:\Users\shelly\Desktop\ Mabinogi .lnk
[2011/09/04 09:03:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/04 08:58:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 08:58:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 08:55:27 | 000,735,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/04 08:55:27 | 000,630,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/04 08:55:27 | 000,109,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/04 08:50:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 08:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/04 08:50:05 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 08:16:11 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/30 10:54:36 | 331,135,685 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/29 14:48:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/29 14:47:43 | 000,749,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\shelly\Desktop\*.tmp files -> C:\Users\shelly\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/18 12:57:56 | 000,012,252 | -HS- | C] () -- C:\Users\shelly\AppData\Local\8541a2c6y8v8388fry
[2011/04/18 12:57:56 | 000,012,252 | -HS- | C] () -- C:\ProgramData\8541a2c6y8v8388fry
[2011/02/06 14:51:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/27 11:11:12 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/22 16:17:39 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010/05/18 17:46:38 | 000,000,356 | ---- | C] () -- C:\Users\shelly\AppData\Roaming\wklnhst.dat
[2010/05/08 20:57:35 | 000,000,248 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/21 22:28:05 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/21 22:28:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/11/11 11:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/05 23:10:06 | 000,000,590 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/08 16:26:06 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\.minecraft
[2010/02/26 08:40:55 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\acccore
[2011/09/03 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\DVDVideoSoft
[2011/07/31 15:35:57 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/25 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\gtk-2.0
[2010/01/07 19:44:38 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Nexon
[2010/03/01 21:32:52 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\ooVoo Details
[2010/01/25 14:12:20 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Publish Providers
[2010/12/25 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Sony
[2010/01/27 10:36:05 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\SYSTEMAX Software Development
[2010/06/20 17:25:11 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\TeamViewer
[2010/05/18 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Template
[2009/12/16 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\WildTangent
[2011/06/06 21:50:41 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Windows Live Writer
[2011/04/21 12:03:33 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >


Extras:
OTL Extras logfile created on: 9/4/2011 9:34:29 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\shelly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 66.47% Memory free
5.50 Gb Paging File | 4.07 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 169.62 Gb Free Space | 76.82% Space Free | Partition Type: NTFS
Drive E: | 596.02 Gb Total Space | 462.72 Gb Free Space | 77.63% Space Free | Partition Type: FAT32

Computer Name: SHELLY-PC | User Name: shelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7C552757-172E-4C18-AA3E-3DFAC5A15DAA}" = O2Micro Flash Memory Card Reader Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime (Drop Down Deals) 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{93C7C474-9550-A7DB-ED71-6A266839BAB1}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BDF14120-649E-E60E-7887-A52ED55AB069}" = ATI Catalyst Install Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08F17F89-ACAA-1F0B-C3DD-B92169DA8CE3}" = CCC Help Norwegian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB20DA-C413-C62E-25A4-AEAEFA7D4229}" = Catalyst Control Center Graphics Full Existing
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{16F49D13-EFEB-7E05-C738-30F8EEF61039}" = CCC Help Polish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B5A8EA6-B0B3-B984-CEAF-1C450AC10053}" = CCC Help French
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{301AE8E9-51C2-2261-ECBC-07AB0FA91F47}" = Catalyst Control Center Core Implementation
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B5722C-4B07-B26B-74C0-EC6AF6666020}" = CCC Help Finnish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3DF7DDDA-136E-A5DC-3CF9-4CA9091A98AD}" = CCC Help Portuguese
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43A36DD7-21DB-0C3E-FAF7-3CDDF8334291}" = CCC Help Hungarian
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{55DBF9E5-FBF7-178B-6C0A-F5E66EB8B25A}" = Catalyst Control Center Graphics Full New
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B513067-AFA9-CF63-8B81-471E017CC0DC}" = CCC Help English
"{5CAB5B33-395F-C584-E348-2F09A717F007}" = CCC Help Czech
"{5E0846B0-E3E1-0445-E783-F6A732F366C5}" = CCC Help Russian
"{6256EF7D-CDBB-68B6-EF03-7168CC25A66A}" = CCC Help Swedish
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6EC54105-EFCE-CCCF-84AC-D733A14E13D4}" = CCC Help Thai
"{6F73E7E8-88D8-AFA3-9FEF-B42C9DD3A1BE}" = CCC Help Greek
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7657FF7C-4F66-D05A-316C-9BAA0DA241E4}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7DE17FEB-3426-B037-1D10-8D5935F6A363}" = CCC Help Japanese
"{7F410D1A-62AE-6E53-F758-D9DDF41F8CB2}" = CCC Help Chinese Standard
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8BA72DDF-8582-F804-887C-D247A79CE797}" = CCC Help Dutch
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92070ADF-E5C9-781C-E0B0-F427622DDEAF}" = Catalyst Control Center Localization All
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A228588C-1254-03BC-2F27-20A3C9FFC69D}" = ccc-core-static
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6A415E3-9E16-62E6-3BB1-A46C772D4850}" = CCC Help Danish
"{A6FDE072-1095-7FF8-59E1-046F291B6B36}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.3 MUI
"{AEE0253A-8415-8DA8-7F0F-42F5DC36F4B6}" = CCC Help Korean
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C934BCFB-43F1-15AA-2CC5-97B6734F6F32}" = CCC Help Turkish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6334F6E-0524-88AF-1E43-D9DAF53DF650}" = CCC Help Chinese Traditional
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D8868D2C-E074-6BC4-416A-374AEC2268C7}" = Catalyst Control Center Graphics Light
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E0639E2A-47F0-C511-AE5A-38798E41AA45}" = CCC Help Italian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB0C9571-7B4F-6E15-9527-0EE0B026F302}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"CamStudio" = CamStudio
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InterActual Player" = InterActual Player
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MapleStory" = MapleStory
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Recover Data for FAT & NTFS_is1" = Recover Data for FAT & NTFS
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 400" = Portal
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2011 8:16:02 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:16:02 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:16:02 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:16:02 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:16:02 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:16:02 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:16:03 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:16:03 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:28:05 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/31/2011 8:28:05 PM | Computer Name = shelly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 9/3/2011 10:26:31 AM | Computer Name = shelly-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{6C990EDE-DA2D-459E-BEC0-1CFA5B7C984C}
because another computer on the network has the same name. The server could not
start.

Error - 9/3/2011 10:26:31 AM | Computer Name = shelly-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{EE9FF650-3C61-4F19-824E-68CD25298909}
because another computer on the network has the same name. The server could not
start.

Error - 9/3/2011 10:27:13 AM | Computer Name = shelly-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/3/2011 10:27:17 AM | Computer Name = shelly-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/3/2011 10:27:18 AM | Computer Name = shelly-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/3/2011 12:44:14 PM | Computer Name = shelly-PC | Source = NetBT | ID = 4321
Description = The name "SHELLY-PC :0" could not be registered on the interface
with IP address 192.168.1.33. The computer with the IP address 192.168.1.45 did
not allow the name to be claimed by this computer.

Error - 9/3/2011 12:44:24 PM | Computer Name = shelly-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C2F9C127-AE30-460E-A9E1-B5CD28197A86}
because another computer on the network has the same name. The server could not
start.

Error - 9/3/2011 12:44:24 PM | Computer Name = shelly-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{377AACAB-081F-45FC-AF71-1D0264CBE56C}
because another computer on the network has the same name. The server could not
start.

Error - 9/3/2011 12:44:24 PM | Computer Name = shelly-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{3E7751EA-7DBA-44BD-93EF-58B589E7CAF4}
because another computer on the network has the same name. The server could not
start.

Error - 9/3/2011 12:44:24 PM | Computer Name = shelly-PC | Source = NetBT | ID = 4321
Description = The name "SHELLY-PC :20" could not be registered on the interface
with IP address 192.168.1.33. The computer with the IP address 192.168.1.45 did
not allow the name to be claimed by this computer.


< End of report >


aswMBR:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-04 09:49:50
-----------------------------
09:49:50.391 OS Version: Windows x64 6.1.7601 Service Pack 1
09:49:50.391 Number of processors: 2 586 0x301
09:49:50.391 ComputerName: SHELLY-PC UserName: shelly
09:49:51.624 Initialize success
09:52:21.521 AVAST engine defs: 11090400
09:52:25.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:52:25.546 Disk 0 Vendor: WDC_WD2500BEVT-00ZCT0 11.01A11 Size: 238475MB BusType: 3
09:52:27.637 Disk 0 MBR read successfully
09:52:27.637 Disk 0 MBR scan
09:52:27.761 Disk 0 Windows 7 default MBR code
09:52:27.761 Service scanning
09:52:28.666 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:52:29.368 Modules scanning
09:52:29.368 Disk 0 trace - called modules:
09:52:29.384 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:52:29.399 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ec3160]
09:52:29.415 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8002e0a040]
09:52:29.415 5 ACPI.sys[fffff88000fad7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002dfd680]
09:52:32.207 AVAST engine scan C:\Windows
09:52:35.920 AVAST engine scan C:\Windows\system32
09:55:46.100 AVAST engine scan C:\Windows\system32\drivers
09:56:07.223 AVAST engine scan C:\Users\shelly
10:24:14.957 AVAST engine scan C:\ProgramData
10:28:31.874 Scan finished successfully
10:36:45.022 Disk 0 MBR has been saved successfully to "C:\Users\shelly\Desktop\MBR.dat"
10:36:45.147 The log file has been saved successfully to "C:\Users\shelly\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's start some removal. On completion of this run, can you check for redirects and let me know if they are still present?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A D9 DE 0F AE 2D F7 42 B6 DF DB C8 BB 2A BD F9 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A D9 DE 0F AE 2D F7 42 B6 DF DB C8 BB 2A BD F9 [binary data]
    IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0A D9 DE 0F AE 2D F7 42 B6 DF DB C8 BB 2A BD F9 [binary data]
    IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
    FF - prefs.js..extensions.enabledItems: {9d320f54-6f87-4837-8915-73a23b1bd995}:1.0
    [2011/09/03 15:26:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{2a82c5ea-f5af-4a45-aff3-6c89bf4956de}
    [2011/07/29 10:05:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{9d320f54-6f87-4837-8915-73a23b1bd995}
    [2011/09/03 10:58:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{a8e7e602-d8a7-4edc-9469-1a7f269fe598}
    [2011/09/04 09:23:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{d0ef1bf3-5b84-41d9-a812-fb0420d77429}
    [2011/09/03 14:54:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{f912b74d-1a52-4aa7-95a1-7f09e494a135}
    O2 - BHO: (no name) - {0FDED90A-2DAE-42F7-B6DF-DBC8BB2ABDF9} - C:\Windows\SysWOW64\wscui32.dll (Creative Technology Ltd)
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - File not found
    O3 - HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - File not found
    [2011/04/18 12:57:56 | 000,012,252 | -HS- | C] () -- C:\Users\shelly\AppData\Local\8541a2c6y8v8388fry
    [2011/04/18 12:57:56 | 000,012,252 | -HS- | C] () -- C:\ProgramData\8541a2c6y8v8388fry
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\procs\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\h\explorer.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\winlogon.exe

    :Reg
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-1229839948-2450915291-1125151926-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
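The fix script above targets four kinds of entries from the earlier OTL scan: browser hooks (URLSearchHook, BHO, toolbar) whose CLSID points at a file that no longer exists, a BHO registered with no name, hidden+system files dropped under AppData and ProgramData, and copies of explorer.exe and winlogon.exe sitting in a Temp folder rather than in %SystemRoot%. The script below is an added example, not code from the thread, from OTL or from OldTimer; it parses OTL-style log lines with regular expressions written from the entry formats visible in this thread and applies those same four heuristics as a triage pass. The sample log lines are constructed for the example (the Java-style BHO line uses a placeholder CLSID and path), and the file-attribute, path and binary-name rules are my own assumptions about what is worth a second look, not OTL's logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL file/directory entries (format taken from the log in this thread):
#   [2011/04/18 12:57:56 | 000,012,252 | -HS- | C] () -- C:\ProgramData\8541a2c6y8v8388fry
#   [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC60... -- C:\...\Temp\RarSFX0\winlogon.exe
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\)(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
# IE/Firefox hook entries (URLSearchHook, O2 BHO, O3 toolbar) that carry a CLSID
HOOK_RE = re.compile(
    r"^(?P<kind>IE|O2|O3) - .*?(?:URLSearchHook|BHO|Toolbar(?:\\WebBrowser)?): .*?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$"
)

# Names a legitimate copy of which lives only under %SystemRoot% (assumed list)
SYSTEM_BINARIES = {"explorer.exe", "winlogon.exe", "svchost.exe",
                   "csrss.exe", "lsass.exe", "services.exe"}


@dataclass
class Finding:
    line: str
    reason: str


def classify_file(m: "re.Match") -> Optional[str]:
    """Heuristics for a file/directory entry; returns a reason or None."""
    path = m["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    attrs = m["attrs"]
    company = m["company"].strip()
    user_writable = any(seg in path for seg in ("\\appdata\\", "\\programdata\\", "\\temp\\"))
    if "H" in attrs and "S" in attrs and user_writable:
        return "hidden+system file in a user-writable location"
    if name in SYSTEM_BINARIES and not path.startswith("c:\\windows\\"):
        return f"system binary name '{name}' outside %SystemRoot%"
    if "\\temp\\" in path and name.endswith(".exe") and not company:
        return "executable with no company name in a temp folder"
    return None


def classify_hook(h: "re.Match", line: str) -> Optional[str]:
    """Heuristics for a browser hook entry; returns a reason or None."""
    target = h["target"].strip()
    if "File not found" in target or target.startswith("Reg Error"):
        return f"orphaned browser hook {{{h['clsid']}}}: target missing"
    if "(no name)" in line:
        return "BHO registered with no display name"
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run both classifiers over OTL-style lines and collect the hits."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            reason = classify_file(m)
            if reason:
                findings.append(Finding(line, reason))
            continue
        h = HOOK_RE.match(line)
        if h:
            reason = classify_hook(h, line)
            if reason:
                findings.append(Finding(line, reason))
    return findings


# Constructed sample, modelled on the entries in this thread; the fourth line
# uses a placeholder CLSID and path to stand in for a healthy BHO.
SAMPLE_LOG = r"""
PRC - [2011/09/04 09:29:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\shelly\Desktop\OTL.exe
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {0FDED90A-2DAE-42F7-B6DF-DBC8BB2ABDF9} - C:\Windows\SysWOW64\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\helper.dll (Example Corp)
[2011/04/18 12:57:56 | 000,012,252 | -HS- | C] () -- C:\ProgramData\8541a2c6y8v8388fry
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\shelly\AppData\Local\Temp\RarSFX0\winlogon.exe
[2011/05/22 16:53:28 | 000,000,000 | ---D | M] (Mozilla) -- C:\Program Files (x86)\Mozilla Firefox\components
""".strip().splitlines()


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Running it flags four of the seven sample lines (the orphaned URLSearchHook, the nameless BHO, the hidden+system ProgramData file and the Temp-folder winlogon.exe) and leaves the OTL process, the placeholder BHO and the Firefox components folder alone. The point is triage, not verdicts: a hit means "compare against the fix script and the tool's own scan results", and the MD5 captured by FILE_RE is there so a hit can be checked against a known-good hash before anything is deleted.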

#5
Alpaca

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I just Googled a bunch of things, and I think it's gone now!
Hopefully! :)
Tell me if it's good news?!


Here's the OTL.txt:
OTL logfile created on: 9/4/2011 4:16:13 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\shelly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 55.51% Memory free
5.50 Gb Paging File | 4.02 Gb Available in Paging File | 73.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 170.94 Gb Free Space | 77.43% Space Free | Partition Type: NTFS
Drive E: | 596.02 Gb Total Space | 463.11 Gb Free Space | 77.70% Space Free | Partition Type: FAT32

Computer Name: SHELLY-PC | User Name: shelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/09/04 09:29:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\shelly\Desktop\OTL.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/11/20 08:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/12/17 12:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/08/03 14:57:24 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/06/04 00:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 03:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/04 00:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/04 00:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/24 13:17:54 | 000,004,096 | ---- | M] () -- E:\MSN+\Messenger Plus! Live\Detoured.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/29 14:42:13 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/29 00:05:26 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/08/13 07:15:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007/02/12 04:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 12:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/28 23:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/29 14:42:13 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/02/03 16:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/13 09:30:14 | 006,201,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/23 11:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/16 22:33:00 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/06/19 03:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/14 22:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 07:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/07 02:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/05/07 02:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/05/04 19:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/28 23:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 10:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 10:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 10:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/03/28 11:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2006/12/12 03:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/06/17 18:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...33z1m6a48j34284
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...33z1m6a48j34284
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...33z1m6a48j34284
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...33z1m6a48j34284
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...33z1m6a48j34284
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/22 16:53:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/22 16:53:28 | 000,000,000 | ---D | M]

[2011/02/06 14:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shelly\AppData\Roaming\Mozilla\Extensions
[2011/09/04 16:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions
[2011/09/03 15:12:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\shelly\AppData\Roaming\Mozilla\Firefox\Profiles\pgv05tog.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/06 14:50:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\SHELLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PGV05TOG.DEFAULT\EXTENSIONS\{9D320F54-6F87-4837-8915-73A23B1BD995}

O1 HOSTS File: ([2011/09/04 16:05:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] E:\Steam\Steamer\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\shelly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\shelly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://nxcache.nexon...b.2010.5.03.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7751EA-7DBA-44BD-93EF-58B589E7CAF4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F9C127-AE30-460E-A9E1-B5CD28197A86}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/18 16:43:41 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - E:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\{48317e8b-87df-11df-afe7-00269e67e63f}\Shell - "" = AutoRun
O33 - MountPoints2\{48317e8b-87df-11df-afe7-00269e67e63f}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\{daca8986-f562-11de-bedb-00269e67e63f}\Shell - "" = AutoRun
O33 - MountPoints2\{daca8986-f562-11de-bedb-00269e67e63f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 16:13:01 | 000,000,000 | R--D | C] -- C:\Users\shelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/09/04 16:05:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 09:48:54 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\shelly\Desktop\aswMBR.exe
[2011/09/04 09:29:22 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\shelly\Desktop\OTL.exe
[2011/09/04 09:02:28 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{27CFBFEC-71A4-4ED2-9379-2215E57A25FC}
[2011/09/04 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{4C7F1607-1D11-4FAC-92DC-F31D3D3432C1}
[2011/09/03 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{81774C92-8713-4418-A26F-173C8DFADFC0}
[2011/09/03 21:01:10 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{3C0A4E40-534F-4FD6-9884-DEE5283F9310}
[2011/09/03 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{B7BB02FF-7F62-4E12-9C59-FEAA420F3A60}
[2011/09/03 09:00:19 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{0B322B47-9CB7-4E0B-A2B9-A7345F9C5946}
[2011/09/02 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{F542D6B8-368C-4DE9-A4D0-32D05151C649}
[2011/09/02 20:57:51 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{88743C63-96ED-4321-B777-75EDDE7E0345}
[2011/09/02 09:06:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/02 09:05:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/02 08:57:21 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{3DF468A6-CE3D-41A0-855A-D4F37D023D83}
[2011/09/02 08:56:57 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{AE556B63-FA6A-497B-8D39-45DA2856E432}
[2011/09/01 20:56:24 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{7BB8208E-F602-4C87-A01E-79A976AC2698}
[2011/09/01 08:55:44 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{BF4CCFBD-74F7-4A65-8246-C0C94F48D515}
[2011/09/01 08:54:16 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{1F9D35E4-D4CE-4BFF-96DD-3CB443688764}
[2011/08/31 19:32:27 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{F76FE708-4DFB-45E2-A423-BACBBDF711D5}
[2011/08/31 07:35:31 | 000,000,000 | ---D | C] -- C:\Users\shelly\Desktop\shelly's summer stuff
[2011/08/31 07:30:40 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{E37A6C71-666A-4292-98C0-A4BFDB2E1A54}
[2011/08/31 07:28:59 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{6DA4B06F-4CB4-4735-BFC3-A7EBBF6342E2}
[2011/08/30 11:27:38 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{011181F2-0CAB-41C9-8847-C46CE2D2FBB0}
[2011/08/30 11:26:29 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{BCD32CA0-7B0E-4173-B4E3-E8FAD0E9366A}
[2011/08/30 11:16:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/30 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/30 11:11:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/30 10:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/30 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/08/30 10:57:10 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{50C42CDD-9F8F-4203-8BE5-DC73CF71F887}
[2011/08/30 10:56:39 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{5F710932-4927-4865-BB47-BFF4199E396A}
[2011/08/30 07:14:47 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{0D451303-AB2C-4ED2-A3E1-09F45F5C2720}
[2011/08/30 07:14:24 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{69507E0D-CC30-471F-B9BF-18B1A726E40A}
[2011/08/29 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{AAAC7392-4058-44A4-82BA-F3998F37FA2C}
[2011/08/29 14:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/08/29 14:41:28 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{A020525B-7249-4CA6-A47C-F69D295F4A02}
[2011/08/29 14:39:41 | 000,000,000 | ---D | C] -- C:\Users\shelly\AppData\Local\{CF4857D6-D74D-45A1-A2CC-2FAC6318FDE3}
[2011/07/29 09:39:46 | 011,688,696 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware.exe
[1 C:\Users\shelly\Desktop\*.tmp files -> C:\Users\shelly\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 16:20:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 16:20:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 16:17:33 | 000,735,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/04 16:17:33 | 000,630,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/04 16:17:33 | 000,109,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/04 16:11:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 16:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/04 16:11:00 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 16:05:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/04 16:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/04 10:37:56 | 000,000,374 | ---- | M] () -- C:\Users\shelly\Desktop\ Mabinogi .lnk
[2011/09/04 10:36:45 | 000,000,512 | ---- | M] () -- C:\Users\shelly\Desktop\MBR.dat
[2011/09/04 09:49:05 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\shelly\Desktop\aswMBR.exe
[2011/09/04 09:29:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\shelly\Desktop\OTL.exe
[2011/09/03 08:16:11 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/30 10:54:36 | 331,135,685 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/29 14:48:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/29 14:47:43 | 000,749,728 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Users\shelly\Desktop\*.tmp files -> C:\Users\shelly\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 10:36:45 | 000,000,512 | ---- | C] () -- C:\Users\shelly\Desktop\MBR.dat
[2011/02/06 14:51:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/27 11:11:12 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/22 16:17:39 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010/05/18 17:46:38 | 000,000,356 | ---- | C] () -- C:\Users\shelly\AppData\Roaming\wklnhst.dat
[2010/05/08 20:57:35 | 000,000,248 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/21 22:28:05 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/21 22:28:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/11/11 11:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/05 23:10:06 | 000,000,590 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/08 16:26:06 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\.minecraft
[2010/02/26 08:40:55 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\acccore
[2011/09/03 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\DVDVideoSoft
[2011/07/31 15:35:57 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/25 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\gtk-2.0
[2010/01/07 19:44:38 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Nexon
[2010/03/01 21:32:52 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\ooVoo Details
[2010/01/25 14:12:20 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Publish Providers
[2010/12/25 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Sony
[2010/01/27 10:36:05 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\SYSTEMAX Software Development
[2010/06/20 17:25:11 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\TeamViewer
[2010/05/18 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Template
[2009/12/16 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\WildTangent
[2011/06/06 21:50:41 | 000,000,000 | ---D | M] -- C:\Users\shelly\AppData\Roaming\Windows Live Writer
[2011/04/21 12:03:33 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
  • 0
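As an added example (not OTL's code, and not anything posted in this thread), a small triage script over OTL-style entries that flags the kinds of lines a helper looks at in a log like the one above: orphaned keys, hosts overrides, BHOs, Run keys in user-writable paths, UAC turned off, resolvers outside the LAN, and removable-media AutoRun commands. The sample lines are constructed in the same format as the log; the upd.exe Run entry, the placeholder GUID and the 203.0.113.9 resolver are invented to exercise the rules.

```python
"""Triage heuristics for OTL-style log lines.

Added example, not part of the thread or of OTL itself.  Each rule marks an
entry for a human to look at (the "sweep for orphans" a helper does by eye);
a hit is a review prompt, not a verdict.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample in OTL's line format.  The upd.exe entry, the placeholder
# GUID and the 203.0.113.9 resolver are invented; the rest mirror the thread's log.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Updater] C:\Users\shelly\AppData\Local\Temp\upd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{PLACEHOLDER-GUID}: DhcpNameServer = 203.0.113.9
O33 - MountPoints2\{48317e8b-87df-11df-afe7-00269e67e63f}\Shell\AutoRun\command - "" = G:\MI.exe
"""

# Resolver addresses a home router normally hands out; anything else is worth a look.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def otl_code(line: str) -> str:
    """'O4:64bit: - HKLM..' -> 'O4'; 'IE - HKLM..' -> 'IE'."""
    return line.split(" ", 1)[0].split(":", 1)[0]


def is_lan_address(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)


def check_line(line: str) -> list[str]:
    """Return the names of every rule the line trips (empty list = nothing to see)."""
    code = otl_code(line)
    hits = []
    # Orphaned browser/Run entries: the registry key outlived its file.
    if code in {"IE", "O2", "O3", "O4"} and "File not found" in line:
        hits.append("orphan-entry")
    # Any hosts entry other than the localhost mapping can redirect name lookups.
    if code == "O1":
        m = re.search(r"Hosts:\s+\S+\s+(\S+)", line)
        if m and m.group(1).lower() != "localhost":
            hits.append("hosts-override")
    # Browser helper objects are a classic home for search hijackers; list them all.
    if code == "O2":
        hits.append("bho-review")
    # Run keys launching from user-writable locations deserve a second look.
    if code == "O4" and re.search(r"\\(AppData|Temp)\\", line, re.IGNORECASE):
        hits.append("run-key-user-writable-path")
    # EnableLUA = 0 means UAC is off, so anything the user runs has full rights.
    if code == "O6" and re.search(r"EnableLUA = 0\b", line):
        hits.append("uac-disabled")
    # A DHCP-supplied resolver outside the LAN ranges can silently redirect searches.
    if code == "O17":
        m = re.search(r"NameServer = ([\d.]+)", line)
        if m and not is_lan_address(m.group(1)):
            hits.append("dns-server-not-lan")
    # MountPoints2 AutoRun commands re-run an executable from removable media.
    if code == "O33" and r"\AutoRun\command" in line:
        hits.append("removable-media-autorun")
    return hits


def triage(log_text: str) -> dict[str, list[str]]:
    """Group every flagged line under the rule(s) it tripped."""
    findings: dict[str, list[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule in check_line(line):
            findings[rule].append(line)
    return dict(findings)


if __name__ == "__main__":
    for rule, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{rule}]")
        for entry in lines:
            print("   ", entry)
```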

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could well be ... A final sweep for orphans :)

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#7 Alpaca (Topic Starter, New Member, 8 posts)
One was found, but it didn't require any extra measures or restarting.

The log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7652

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/4/2011 5:02:55 PM
mbam-log-2011-09-04 (17-02-55).txt

Scan type: Quick scan
Objects scanned: 186094
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :unsure:
  • 0

#9 Alpaca (Topic Starter, New Member, 8 posts)
Hi! Awesome! I'll constantly Google search to make sure.
THANKK YOUUU SOOO MUUUCCCHH! C:
I will donate!

I just updated my Java,

Now, I wanna ask about the Spring Cleaning, this step:
SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

I can't seem to find System Protection in Control Panel. Is it because I have Windows 7 Home Premium that the setup is different?

Edited by Alpaca, 04 September 2011 - 04:01 PM.

  • 0

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
:) If Control Panel is set to classic view you will see System here; click that, and on the top left is the link to System Protection.

[attachment=52297:Capture0.GIF]

[attachment=52298:Capture.GIF]
  • 0

#11 Alpaca (Topic Starter, New Member, 8 posts)
Okay! I found it!

Now for the next step:
Now we can purge the infected ones
  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Should I do it now, or do it monthly or so?
  • 0

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Do it just the once, as we need to purge the old restore points, which can harbour bad files, although they are inert. But if you need to do a system restore they could reactivate.
  • 0

#13 Alpaca (Topic Starter, New Member, 8 posts)
Okay! I followed the clean-up steps, and followed the little guide to protect myself!

Thank you VERYVERYVERYVERYMUUCHOOVERYVERYVERY MUUCH! :)

All my Google searches are heading straight to the site intended, and not to some annoying advertising site.
Thank you so much, and I'll help support you guys!

THANK YOU! C:

(haaapppyyy)
  • 0

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





