Ran LSP-Fix on Win7 64x - Now Unable to Load Any Webpage [Solved]


  • This topic is locked

#76
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Can you check to see if the redirects also occur in Internet Explorer?

#77
Matt Smith

    Member

  • Topic Starter
  • 85 posts
Sorry it took me so long to get back to you. I haven't noticed it in IE, but I can't really use it for much since it's not set up for most of the sites I use, or have the add-ons that I use. So, I'm not totally sure. But the redirections are still there. They are not too frequent, but are annoying. Any ideas?

#78
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Matt!

Please run this tool for me:


Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


#79
Matt Smith

    Member

  • Topic Starter
  • 85 posts
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-17 06:55:29
-----------------------------
06:55:29.254 OS Version: Windows x64 6.1.7600
06:55:29.254 Number of processors: 2 586 0x301
06:55:29.256 ComputerName: AEON UserName: Mafu
06:55:31.072 Initialize success
07:13:10.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:13:10.211 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 11
07:13:10.257 Disk 0 MBR read successfully
07:13:10.260 Disk 0 MBR scan
07:13:10.266 Disk 0 Windows 7 default MBR code
07:13:10.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:13:10.373 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
07:13:10.377 Service scanning
07:13:11.867 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
07:13:13.008 Modules scanning
07:13:13.013 Disk 0 trace - called modules:
07:13:14.381 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
07:13:14.386 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004876060]
07:13:14.392 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> [0xfffffa8004874630]
07:13:14.400 5 hpdskflt.sys[fffff880013f22bd] -> nt!IofCallDriver -> [0xfffffa8004874040]
07:13:14.408 7 PCTCore64.sys[fffff880010fd094] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047fd060]
07:13:14.415 Scan finished successfully
07:13:55.004 Disk 0 MBR has been saved successfully to "C:\Users\Mafu\Desktop\MBR.dat"
07:13:55.012 The log file has been saved successfully to "C:\Users\Mafu\Desktop\aswMBR.txt"

#80
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hmm... That wasn't showing me what I was hoping to see with it.

Run a new OTL scan for me:

OTL Custom Scan

We need to run an OTL Custom Scan

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and paste the following code into the [image] textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the [image] button.
  • A report will open. Copy and Paste that report in your next reply.


#81
Matt Smith

    Member

  • Topic Starter
  • 85 posts
OTL Log: [FORGOT TO CLICK THE SCAN ALL USERS BOX-Rescanning]

OTL logfile created on: 1/17/2012 10:20:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mafu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.52% Memory free
7.99 Gb Paging File | 6.22 Gb Available in Paging File | 77.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 21.97 Gb Free Space | 9.44% Space Free | Partition Type: NTFS

Computer Name: AEON | User Name: Mafu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/17 22:19:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
PRC - [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/21 23:21:20 | 000,014,848 | ---- | M] () -- C:\Users\Mafu\Desktop\New folder\volumouse32.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 02:51:13 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/24 14:58:58 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/21 23:21:20 | 000,014,848 | ---- | M] () -- C:\Users\Mafu\Desktop\New folder\volumouse32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/25 18:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 14:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 14:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/17 03:50:44 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/24 12:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/19 04:36:53 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2011/08/08 10:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/30 08:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 18:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/25 07:28:54 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/29 09:01:53 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/07/23 23:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 16:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/11/10 05:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2011/12/24 15:08:12 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 DE 89 52 9C B7 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.2: C:\Program Files (x86)\TorrentStream\npvlc.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mafu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/01/07 06:52:07 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/23 18:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/24 14:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 00:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/12/15 01:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\Mafu\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2011/06/27 14:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Mafu\AppData\Roaming\IDM\idmmzcc3

[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/12 22:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions
[2012/01/05 20:22:15 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2012/01/11 04:57:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/22 05:41:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/12 01:45:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/21 01:33:14 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\[email protected]
[2011/12/15 01:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6ig01k7m.default\extensions
[2011/11/26 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/24 14:58:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/24 14:58:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/24 14:58:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/23 02:07:53 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeyExtender.exe] C:\Program Files (x86)\KeyExtender\KeyExtender.exe -Hide File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [$Volumouse$] C:\Users\Mafu\Desktop\New folder\volumouse.exe (NirSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA9D193-F66A-4E15-B9E2-EB4056CC71F5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9FFDE1-1B19-47A1-9AA7-FF552F2B79E5}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 22:19:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/17 22:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/01/17 20:59:56 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Raspberry Pi VM
[2012/01/17 06:54:49 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Mafu\Desktop\aswMBR.exe
[2012/01/13 03:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012/01/13 03:01:58 | 000,000,000 | ---D | C] -- C:\77ba3578eae882541ae9ccfab7fedf94
[2012/01/13 00:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2012/01/13 00:31:39 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2012/01/11 23:48:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/11 04:58:40 | 000,000,000 | ---D | C] -- C:\Users\Mafu\dwhelper
[2012/01/11 03:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Share
[2012/01/11 03:08:31 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Share
[2012/01/11 03:02:45 | 000,000,000 | ---D | C] -- C:\bee274198a1f6abdad9fc1b49728e8
[2012/01/11 03:01:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/01/08 04:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/01/08 03:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/08 03:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/08 01:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/08 01:52:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/08 01:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/07 23:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/07 23:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/07 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/07 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/07 23:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/07 23:07:03 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\redsn0w
[2012/01/07 07:28:50 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\New folder
[2012/01/07 06:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/07 06:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2012/01/07 00:35:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/06 23:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/06 23:45:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/02 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Cd Keys_files
[2012/01/02 21:29:24 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\MigWiz
[2011/12/31 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\CrashDumps
[2011/12/29 02:00:28 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\Threat Expert
[2011/12/25 00:19:52 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/12/25 00:19:52 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/12/25 00:19:51 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/12/25 00:19:51 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/12/25 00:19:48 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/12/25 00:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/25 00:19:44 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/24 23:45:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/24 15:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/12/24 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/12/21 23:43:32 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Malwarebytes
[2011/12/21 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2012/01/17 22:19:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/17 21:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000UA.job
[2012/01/17 20:30:42 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 20:30:42 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 20:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/17 20:13:46 | 3219,521,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 06:55:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Mafu\Desktop\aswMBR.exe
[2012/01/17 02:26:28 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/01/14 00:06:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000Core.job
[2012/01/13 00:31:45 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2012/01/11 05:07:52 | 400,709,614 | ---- | M] () -- C:\Users\Mafu\Desktop\live_user_jumpzsbd_1277462003.flv
[2012/01/11 03:08:39 | 000,000,929 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Share by BitTorrent.lnk
[2012/01/11 00:02:53 | 001,674,190 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/10 18:32:47 | 471,142,306 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/10 14:10:47 | 000,002,052 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/09 12:59:34 | 001,373,734 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/09 12:59:34 | 000,372,676 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 12:59:34 | 000,006,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/08 04:35:47 | 000,001,969 | ---- | M] () -- C:\Users\Mafu\Desktop\Update Checker.lnk
[2012/01/08 04:19:05 | 000,000,003 | ---- | M] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2012/01/08 03:09:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/08 03:09:32 | 000,006,642 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/08 03:06:49 | 000,001,437 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/08 03:02:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/08 03:02:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/08 01:52:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 07:40:43 | 000,001,830 | ---- | M] () -- C:\Users\Mafu\Desktop\me.com.js
[2012/01/05 18:53:16 | 493,166,498 | ---- | M] () -- C:\registrybackup.reg
[2012/01/03 20:54:47 | 000,000,002 | ---- | M] () -- C:\$drvmig$
[2012/01/03 20:49:42 | 000,002,188 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/03 20:49:38 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/02 22:46:36 | 000,010,362 | ---- | M] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/02 21:58:38 | 004,977,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/25 13:22:45 | 000,000,154 | ---- | M] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 01:01:29 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/25 00:19:47 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 15:08:12 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/24 14:56:32 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/23 02:07:53 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/21 22:45:08 | 000,000,104 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/13 00:31:45 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2012/01/11 04:58:44 | 400,709,614 | ---- | C] () -- C:\Users\Mafu\Desktop\live_user_jumpzsbd_1277462003.flv
[2012/01/11 03:08:39 | 000,000,929 | ---- | C] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Share by BitTorrent.lnk
[2012/01/08 04:35:47 | 000,001,999 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/01/08 04:35:47 | 000,001,969 | ---- | C] () -- C:\Users\Mafu\Desktop\Update Checker.lnk
[2012/01/08 03:09:20 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/08 03:06:58 | 000,000,003 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2012/01/08 03:02:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/08 03:02:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/08 01:52:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 07:40:42 | 000,001,830 | ---- | C] () -- C:\Users\Mafu\Desktop\me.com.js
[2012/01/07 06:52:08 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/01/07 06:52:08 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2012/01/05 18:52:46 | 493,166,498 | ---- | C] () -- C:\registrybackup.reg
[2012/01/02 23:23:57 | 000,000,002 | ---- | C] () -- C:\$drvmig$
[2012/01/02 22:43:37 | 000,010,362 | ---- | C] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/01 20:33:24 | 471,142,306 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 11:18:54 | 000,000,154 | ---- | C] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 00:19:56 | 001,674,190 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/25 00:19:47 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 15:08:09 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/21 22:45:08 | 000,000,104 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/13 22:41:49 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/11/07 00:39:56 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2011/08/05 00:54:32 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
[2011/07/09 02:48:38 | 000,000,600 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\winscp.rnd
[2011/06/19 00:42:55 | 000,000,020 | ---- | C] () -- C:\Windows\Converter.INI
[2011/06/09 23:56:10 | 000,000,687 | ---- | C] () -- C:\Windows\SysWow64\wta_Two.dat
[2011/06/09 23:46:35 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\wta_One.dat
[2011/06/09 23:44:00 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\wta.dat
[2011/06/09 18:49:52 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\wta.ini
[2011/06/03 20:06:31 | 004,718,592 | ---- | C] () -- C:\Windows\SysWow64\savegame.bin
[2011/05/31 19:55:42 | 000,064,048 | ---- | C] () -- C:\Windows\SysWow64\Hidhlp.dll
[2011/05/31 19:55:42 | 000,011,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\KMDX.sys
[2011/05/12 21:07:42 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 20:52:13 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/12 20:51:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/09 05:03:01 | 000,001,456 | ---- | C] () -- C:\Users\Mafu\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/07 00:52:35 | 000,003,584 | ---- | C] () -- C:\Users\Mafu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 22:58:46 | 000,000,017 | ---- | C] () -- C:\Users\Mafu\AppData\Local\resmon.resmoncfg
[2011/03/31 00:48:21 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011/03/30 23:26:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/30 23:26:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/30 23:26:18 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/30 23:26:18 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/30 23:26:18 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/20 02:55:39 | 000,000,426 | ---- | C] () -- C:\Windows\aspack.ini
[2011/02/01 20:02:16 | 000,000,132 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/18 00:14:04 | 000,000,173 | ---- | C] () -- C:\Users\Mafu\AppData\Local\msmathematics.qat.Mafu
[2011/01/17 19:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/01/03 22:51:33 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 00:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/01/02 19:41:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 18:12:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/24 05:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/12/22 00:34:41 | 000,006,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 04:17:44 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010/12/20 03:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 11:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/09/27 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft
[2010/09/20 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft server
[2011/01/21 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.Torrent Stream
[2011/07/09 02:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AbsoluteTelnet
[2011/01/15 02:16:13 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\aicon
[2011/06/12 23:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Anywhere Software
[2011/05/08 02:46:43 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AtomZombieData
[2011/05/18 03:04:49 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Blender Foundation
[2011/01/28 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\BOXEE
[2011/04/06 03:13:16 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Bridge!
[2011/04/27 00:07:18 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Colibri Games
[2011/04/17 18:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DMCache
[2011/05/25 07:55:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DroidExplorer
[2011/07/01 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Dropbox
[2010/12/24 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\EDrawings
[2011/12/24 15:11:12 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/09/27 03:30:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FileZilla
[2011/05/20 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FMZilla
[2011/05/24 08:32:59 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\gtk-2.0
[2011/01/19 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Hackety Hack
[2011/03/04 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\HandBrake
[2011/05/17 21:48:57 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\illumination
[2011/09/16 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\ImgBurn
[2011/01/05 12:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\IrfanView
[2011/04/09 05:11:41 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Key Metric Software
[2011/12/15 01:23:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\KompoZer
[2011/03/20 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Lamantine
[2011/05/15 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\LazyDroid Client
[2011/03/04 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Leadertech
[2011/06/19 20:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\MDCrack
[2010/12/20 05:26:48 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade Warband
[2011/05/03 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/01/08 04:42:57 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Notepad++
[2011/12/15 01:20:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Nvu
[2011/10/14 03:01:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\OnLive App
[2011/05/06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Opera
[2011/01/23 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\PACE Anti-Piracy
[2011/09/28 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pegtop
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pencil
[2011/05/19 22:08:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\poclbm
[2011/01/17 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pogo
[2012/01/07 23:22:59 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\redsn0w
[2012/01/11 03:15:41 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Share
[2011/07/14 03:53:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\SystemRequirementsLab
[2011/12/31 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeamViewer
[2011/10/26 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeraCopy
[2011/03/24 01:23:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\The Creative Assembly
[2011/03/25 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tropico 3
[2011/01/02 23:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tunngle
[2011/01/12 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Ubisoft
[2011/05/04 00:36:36 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unity
[2011/10/02 17:05:56 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unzbin
[2011/06/02 21:48:40 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\updatetool
[2012/01/17 21:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\uTorrent
[2010/12/20 06:22:11 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VitySoft
[2011/08/06 01:47:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VOS
[2011/05/13 00:34:46 | 000,000,000 | -HSD | M] -- C:\Users\Mafu\AppData\Roaming\wyUpdate AU
[2011/08/07 04:02:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\XLink Kai
[2012/01/16 22:21:15 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /HideShortcuts [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /ShowShortcuts [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Waterfox\firefox.exe [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Waterfox\firefox.exe" -preferences [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Waterfox\firefox.exe" -safe-mode [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /HideShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /ShowShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\Program Files (x86)\SeaMonkey\seamonkey.exe [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -preferences [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -safe-mode [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\WATERFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\WATERFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\WATERFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\WATERFOX\FIREFOX.EXE [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\WATERFOX\FIREFOX.EXE" -PREFERENCES [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\WATERFOX\FIREFOX.EXE" -SAFE-MODE [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -PREFERENCES [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -SAFE-MODE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >



Also, another problem. So I'm trying to install VirtualBox; the installer is an MSI-based install file.
When I try to install VirtualBox-4.1.8-75467-Win.exe, I run into this error:
"Installation failed! Error: The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your..."
I attempted to Start the Windows Installer Service, but it said something like the file is missing. So, yeah. It's probably missing. It's amazing. My PC has been running flawless for years. Not a single BSOD. and then BAM!, Disconnected from the internet, redirection problems, installer problems. It's like I got hit with all these things at once.

Edited by Matt Smith, 18 January 2012 - 12:37 AM.

  • 0

#82
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Matt,

That's definitely unfortunate. I'll have you run a scan below to check on a few things.


It looks like the issue may be that your hosts file is still infected.

These malicious entries are in it:

O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.

We Need to Run a Batch Script

  • Press the Windows Logo in the bottom left corner of your screen.
  • In the Posted Image box, enter notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into notepad.
    @echo off
    rem Clear the read-only, hidden and system attributes so the hosts file can be replaced.
    attrib -r -h -s "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    attrib -r -h -s "C:\Windows\SysNative\drivers\etc\hosts"
    attrib -r -h -s "C:\Windows\SysWOW64\drivers\etc\hosts"
    rem Delete the existing hosts file through each of the three paths.
    del /q /f "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    del /q /f "C:\Windows\SysNative\drivers\etc\hosts"
    del /q /f "C:\Windows\SysWOW64\drivers\etc\hosts"
    rem Recreate a hosts file that contains only the localhost mapping.
    echo 127.0.0.1 localhost > "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"
    echo 127.0.0.1 localhost > "C:\Windows\SysNative\drivers\etc\hosts"
    echo 127.0.0.1 localhost > "C:\Windows\SysWOW64\drivers\etc\hosts"
    @echo off
    rem Collect what each path now contains into file.txt, then open it.
    echo This is the hosts file from sysnative >file.txt
    type C:\Windows\SysNative\drivers\etc\hosts >>file.txt
    echo This is the host file from system32 >>file.txt
    type C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS >>file.txt
    echo This is the host file from syswow >>file.txt
    type C:\Windows\SysWOW64\drivers\etc\hosts>> file.txt
    file.txt
    rem Remove this batch file once it has run.
    del %0
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the Posted Image box, type in Fix.bat.
  • Press Posted Image.
  • Close Notepad.
  • Right click Posted Image on your desktop, and choose Posted Image.
  • Press Yes if prompted by User Account Control.

Please post the contents of the File.txt log file in your next reply.


Also run this scan:

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0
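The check behind the diagnosis in post #82, as an added example that is not part of the original thread or of any tool used in it: a small auditor that reads a raw hosts file or OTL "O1 - Hosts:" lines and reports every name pinned to a non-loopback address, normalising the trailing dot seen in the entries above. The function names are hypothetical, the sample input is constructed from the entries quoted in the thread, and grouping by the last two labels of a name is a rough heuristic rather than a public-suffix lookup.

```python
"""Audit a hosts file (or OTL "O1 - Hosts:" log lines) for redirect entries."""
import ipaddress
import sys
from collections import defaultdict

OTL_PREFIX = "O1 - Hosts:"  # prefix OTL puts in front of each hosts entry

# Constructed sample: the default entries plus the three entries quoted in the thread.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
184.95.41.155 www.google-analytics.com.
184.95.41.155 ad-emea.doubleclick.net.
184.95.41.155 www.statcounter.com.
"""


def parse_hosts(text):
    """Yield (line_number, ip, [names]) for every mapping line in the text.

    Comments, blank lines and lines whose first field is not an IP address
    (for example OTL's "O1 HOSTS File:" header) are skipped.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(OTL_PREFIX):
            line = line[len(OTL_PREFIX):]
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        # "www.example.com." and "www.example.com" name the same host, so the
        # trailing root dot is dropped before any comparison.
        yield lineno, ip, [name.rstrip(".").lower() for name in fields[1:]]


def audit_hosts(text):
    """Return one finding per name mapped to a non-loopback address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets are ignored:
    they cover localhost and block-list style entries, which cannot send
    traffic to another machine.
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        scope = "private" if ip.is_private else "public"
        for name in names:
            findings.append(
                {"line": lineno, "ip": str(ip), "name": name, "scope": scope}
            )
    return findings


def shared_ip_clusters(findings, min_domains=2):
    """Return addresses that several unrelated domains were pointed at.

    Assumption: the last two labels approximate the registrable domain.
    """
    domains = defaultdict(set)
    for finding in findings:
        base = ".".join(finding["name"].split(".")[-2:])
        domains[finding["ip"]].add(base)
    return {
        ip: sorted(found)
        for ip, found in domains.items()
        if len(found) >= min_domains
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    results = audit_hosts(content)
    for item in results:
        print("line {line}: {name} -> {ip} ({scope})".format(**item))
    for address, names in shared_ip_clusters(results).items():
        print("{} serves unrelated domains: {}".format(address, ", ".join(names)))
```

Run it with the path to a saved hosts file or OTL log to audit that file instead of the embedded sample.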

#83
Matt Smith


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Fix.Bat
This is the hosts file from sysnative
This is the host file from system32
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost



FSS:


Farbar Service Scanner Version: 17-01-2012 00
Ran by Mafu (administrator) on 17-01-2012 at 22:44:57
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 16:09] - [2009-07-13 17:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 16:09] - [2009-07-13 17:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 15:36] - [2009-07-13 17:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 15:39] - [2009-07-13 17:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-04-03 22:30] - [2010-12-20 22:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 16:36] - [2009-07-13 17:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 15:46] - [2009-07-13 17:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 15:49] - [2009-07-13 17:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Matt Smith, 18 January 2012 - 12:45 AM.

  • 0

#84
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:thumbsup:
  • 0

#85
Matt Smith


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
OTL W/ All User Selected

OTL logfile created on: 1/17/2012 10:37:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mafu\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.35% Memory free
7.99 Gb Paging File | 6.13 Gb Available in Paging File | 76.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 29.90 Gb Free Space | 12.85% Space Free | Partition Type: NTFS

Computer Name: AEON | User Name: Mafu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/17 22:19:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
PRC - [2011/12/24 14:58:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/21 23:21:20 | 000,014,848 | ---- | M] () -- C:\Users\Mafu\Desktop\New folder\volumouse32.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 02:51:13 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/24 14:58:58 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/21 23:21:20 | 000,014,848 | ---- | M] () -- C:\Users\Mafu\Desktop\New folder\volumouse32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/25 18:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 14:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 14:56:50 | 000,119,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 08:45:26 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\SysNative\StkCSrv.exe -- (StkSSrv)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/17 03:50:44 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 12:48:55 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/24 12:33:26 | 000,921,600 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/19 04:36:53 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2011/08/08 10:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/30 08:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/11/25 20:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 18:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/25 07:28:54 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010/09/26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/29 09:01:53 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/16 02:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/09 16:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/16 12:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/07/23 23:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 16:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/11/10 05:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2011/12/24 15:08:12 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 DE 89 52 9C B7 CB 01 [binary data]
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.2: C:\Program Files (x86)\TorrentStream\npvlc.dll (The Torrent Stream and VideoLAN and Delft University of Technology)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mafu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mafu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mafu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/01/07 06:52:07 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 9.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/23 18:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/24 14:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/22 00:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/12/15 01:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\Mafu\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2011/06/27 14:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected].com: C:\Users\Mafu\AppData\Roaming\IDM\idmmzcc3

[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/12 22:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions
[2012/01/05 20:22:15 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2012/01/11 04:57:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/22 05:41:44 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/12 01:45:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/21 01:33:14 | 000,000,000 | ---D | M] ("VWC Cocoon") -- C:\Users\Mafu\AppData\Roaming\Mozilla\Firefox\Profiles\x9qp4l2y.default\extensions\[email protected]
[2011/12/15 01:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mafu\AppData\Roaming\Mozilla\SeaMonkey\Profiles\6ig01k7m.default\extensions
[2011/11/26 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/24 14:58:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/24 14:58:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/24 14:58:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/23 02:07:53 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 184.95.41.155 www.google-analytics.com.
O1 - Hosts: 184.95.41.155 ad-emea.doubleclick.net.
O1 - Hosts: 184.95.41.155 www.statcounter.com.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeyExtender.exe] C:\Program Files (x86)\KeyExtender\KeyExtender.exe -Hide File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000..\Run: [$Volumouse$] C:\Users\Mafu\Desktop\New folder\volumouse.exe (NirSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2302230544-2342101270-558501468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA9D193-F66A-4E15-B9E2-EB4056CC71F5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B9FFDE1-1B19-47A1-9AA7-FF552F2B79E5}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 22:19:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/17 22:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/01/17 20:59:56 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Raspberry Pi VM
[2012/01/17 06:54:49 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Mafu\Desktop\aswMBR.exe
[2012/01/13 03:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012/01/13 03:01:58 | 000,000,000 | ---D | C] -- C:\77ba3578eae882541ae9ccfab7fedf94
[2012/01/13 00:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2012/01/13 00:31:39 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2012/01/11 23:48:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/11 04:58:40 | 000,000,000 | ---D | C] -- C:\Users\Mafu\dwhelper
[2012/01/11 03:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Share
[2012/01/11 03:08:31 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Share
[2012/01/11 03:02:45 | 000,000,000 | ---D | C] -- C:\bee274198a1f6abdad9fc1b49728e8
[2012/01/11 03:01:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/01/08 04:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/01/08 03:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/01/08 03:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/08 01:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/08 01:52:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/08 01:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/07 23:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/07 23:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/07 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/07 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/07 23:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/07 23:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/07 23:07:03 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\redsn0w
[2012/01/07 07:28:50 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\New folder
[2012/01/07 06:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/07 06:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2012/01/07 00:35:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/06 23:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/06 23:45:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/02 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\Mafu\Desktop\Cd Keys_files
[2012/01/02 21:29:24 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\MigWiz
[2011/12/31 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\CrashDumps
[2011/12/29 02:00:28 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Local\Threat Expert
[2011/12/25 00:19:52 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/12/25 00:19:52 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/12/25 00:19:51 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/12/25 00:19:51 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/12/25 00:19:48 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/12/25 00:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/25 00:19:44 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/25 00:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/24 23:45:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/24 15:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/12/24 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/12/21 23:43:32 | 000,000,000 | ---D | C] -- C:\Users\Mafu\AppData\Roaming\Malwarebytes
[2011/12/21 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/21 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2012/01/17 22:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000UA.job
[2012/01/17 22:19:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mafu\Desktop\OTL.exe
[2012/01/17 20:30:42 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 20:30:42 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 20:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/17 20:13:46 | 3219,521,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 06:55:23 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Mafu\Desktop\aswMBR.exe
[2012/01/17 02:26:28 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/01/14 00:06:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302230544-2342101270-558501468-1000Core.job
[2012/01/13 00:31:45 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2012/01/11 05:07:52 | 400,709,614 | ---- | M] () -- C:\Users\Mafu\Desktop\live_user_jumpzsbd_1277462003.flv
[2012/01/11 03:08:39 | 000,000,929 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Share by BitTorrent.lnk
[2012/01/11 00:02:53 | 001,674,190 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/10 18:32:47 | 471,142,306 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/10 14:10:47 | 000,002,052 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/09 12:59:34 | 001,373,734 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/09 12:59:34 | 000,372,676 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 12:59:34 | 000,006,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/08 04:35:47 | 000,001,969 | ---- | M] () -- C:\Users\Mafu\Desktop\Update Checker.lnk
[2012/01/08 04:19:05 | 000,000,003 | ---- | M] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2012/01/08 03:09:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/08 03:09:32 | 000,006,642 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/08 03:06:49 | 000,001,437 | ---- | M] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/08 03:02:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/08 03:02:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/08 01:52:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 07:40:43 | 000,001,830 | ---- | M] () -- C:\Users\Mafu\Desktop\me.com.js
[2012/01/05 18:53:16 | 493,166,498 | ---- | M] () -- C:\registrybackup.reg
[2012/01/03 20:54:47 | 000,000,002 | ---- | M] () -- C:\$drvmig$
[2012/01/03 20:49:42 | 000,002,188 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/03 20:49:38 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/02 22:46:36 | 000,010,362 | ---- | M] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/02 21:58:38 | 004,977,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/25 13:22:45 | 000,000,154 | ---- | M] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 01:01:29 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/25 00:19:47 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 15:08:12 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/24 14:56:32 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/23 02:07:53 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/21 22:45:08 | 000,000,104 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/13 00:31:45 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2012/01/11 04:58:44 | 400,709,614 | ---- | C] () -- C:\Users\Mafu\Desktop\live_user_jumpzsbd_1277462003.flv
[2012/01/11 03:08:39 | 000,000,929 | ---- | C] () -- C:\Users\Mafu\Application Data\Microsoft\Internet Explorer\Quick Launch\Share by BitTorrent.lnk
[2012/01/08 04:35:47 | 000,001,999 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/01/08 04:35:47 | 000,001,969 | ---- | C] () -- C:\Users\Mafu\Desktop\Update Checker.lnk
[2012/01/08 03:09:20 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/08 03:06:58 | 000,000,003 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\ispnetkey.dll
[2012/01/08 03:02:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/08 03:02:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/08 01:52:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 07:40:42 | 000,001,830 | ---- | C] () -- C:\Users\Mafu\Desktop\me.com.js
[2012/01/07 06:52:08 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/01/07 06:52:08 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2012/01/05 18:52:46 | 493,166,498 | ---- | C] () -- C:\registrybackup.reg
[2012/01/02 23:23:57 | 000,000,002 | ---- | C] () -- C:\$drvmig$
[2012/01/02 22:43:37 | 000,010,362 | ---- | C] () -- C:\Users\Mafu\Desktop\Cd Keys.htm
[2012/01/01 20:33:24 | 471,142,306 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 11:18:54 | 000,000,154 | ---- | C] () -- C:\Users\Mafu\Desktop\Reset.bat
[2011/12/25 00:19:56 | 001,674,190 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/25 00:19:47 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/24 15:08:09 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/12/21 22:45:08 | 000,000,104 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/13 22:41:49 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/11/07 00:39:56 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
[2011/08/05 00:54:32 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
[2011/07/09 02:48:38 | 000,000,600 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\winscp.rnd
[2011/06/19 00:42:55 | 000,000,020 | ---- | C] () -- C:\Windows\Converter.INI
[2011/06/09 23:56:10 | 000,000,687 | ---- | C] () -- C:\Windows\SysWow64\wta_Two.dat
[2011/06/09 23:46:35 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\wta_One.dat
[2011/06/09 23:44:00 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\wta.dat
[2011/06/09 18:49:52 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\wta.ini
[2011/06/03 20:06:31 | 004,718,592 | ---- | C] () -- C:\Windows\SysWow64\savegame.bin
[2011/05/31 19:55:42 | 000,064,048 | ---- | C] () -- C:\Windows\SysWow64\Hidhlp.dll
[2011/05/31 19:55:42 | 000,011,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\KMDX.sys
[2011/05/12 21:07:42 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 20:52:13 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/12 20:51:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/09 05:03:01 | 000,001,456 | ---- | C] () -- C:\Users\Mafu\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/07 00:52:35 | 000,003,584 | ---- | C] () -- C:\Users\Mafu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 22:58:46 | 000,000,017 | ---- | C] () -- C:\Users\Mafu\AppData\Local\resmon.resmoncfg
[2011/03/31 00:48:21 | 000,000,254 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011/03/30 23:26:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/30 23:26:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/30 23:26:18 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/30 23:26:18 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/30 23:26:18 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/20 02:55:39 | 000,000,426 | ---- | C] () -- C:\Windows\aspack.ini
[2011/02/01 20:02:16 | 000,000,132 | ---- | C] () -- C:\Users\Mafu\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/18 00:14:04 | 000,000,173 | ---- | C] () -- C:\Users\Mafu\AppData\Local\msmathematics.qat.Mafu
[2011/01/17 19:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/01/03 22:51:33 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 00:06:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/01/02 19:41:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 18:12:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/24 05:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/12/22 00:34:41 | 000,006,642 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 04:17:44 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010/12/20 03:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/17 11:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/09/27 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft
[2010/09/20 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.minecraft server
[2011/01/21 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\.Torrent Stream
[2011/07/09 02:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AbsoluteTelnet
[2011/01/15 02:16:13 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\aicon
[2011/06/12 23:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Anywhere Software
[2011/05/08 02:46:43 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\AtomZombieData
[2011/05/18 03:04:49 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Blender Foundation
[2011/01/28 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\BOXEE
[2011/04/06 03:13:16 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Bridge!
[2011/04/27 00:07:18 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Colibri Games
[2011/04/17 18:44:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DMCache
[2011/05/25 07:55:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\DroidExplorer
[2011/07/01 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Dropbox
[2010/12/24 05:39:01 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\EDrawings
[2011/12/24 15:11:12 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\f-secure
[2011/09/27 03:30:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FileZilla
[2011/05/20 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\FMZilla
[2011/05/24 08:32:59 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\gtk-2.0
[2011/01/19 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Hackety Hack
[2011/03/04 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\HandBrake
[2011/05/17 21:48:57 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\illumination
[2011/09/16 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\ImgBurn
[2011/01/05 12:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\IrfanView
[2011/04/09 05:11:41 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Key Metric Software
[2011/12/15 01:23:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\KompoZer
[2011/03/20 23:01:06 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Lamantine
[2011/05/15 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\LazyDroid Client
[2011/03/04 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Leadertech
[2011/06/19 20:38:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\MDCrack
[2010/12/20 05:26:48 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade Warband
[2011/05/03 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/01/08 04:42:57 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Notepad++
[2011/12/15 01:20:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Nvu
[2011/10/14 03:01:38 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\OnLive App
[2011/05/06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Opera
[2011/01/23 19:03:08 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\PACE Anti-Piracy
[2011/09/28 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pegtop
[2011/09/28 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pencil
[2011/05/19 22:08:09 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\poclbm
[2011/01/17 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Pogo
[2012/01/07 23:22:59 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\redsn0w
[2012/01/11 03:15:41 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Share
[2011/07/14 03:53:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\SystemRequirementsLab
[2011/12/31 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeamViewer
[2011/10/26 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\TeraCopy
[2011/03/24 01:23:27 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\The Creative Assembly
[2011/03/25 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tropico 3
[2011/01/02 23:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Tunngle
[2011/01/12 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Ubisoft
[2011/05/04 00:36:36 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unity
[2011/10/02 17:05:56 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\Unzbin
[2011/06/02 21:48:40 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\updatetool
[2012/01/17 21:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\uTorrent
[2010/12/20 06:22:11 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VitySoft
[2011/08/06 01:47:14 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\VOS
[2011/05/13 00:34:46 | 000,000,000 | -HSD | M] -- C:\Users\Mafu\AppData\Roaming\wyUpdate AU
[2011/08/07 04:02:55 | 000,000,000 | ---D | M] -- C:\Users\Mafu\AppData\Roaming\XLink Kai
[2012/01/16 22:21:15 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /HideShortcuts [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /ShowShortcuts [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Waterfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Waterfox\firefox.exe [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Waterfox\firefox.exe" -preferences [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Waterfox\firefox.exe" -safe-mode [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/01/08 03:02:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /HideShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /ShowShortcuts [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\Program Files (x86)\SeaMonkey\seamonkey.exe [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -preferences [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -safe-mode [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\WATERFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\WATERFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\WATERFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/12/20 10:50:00 | 000,741,770 | ---- | M] (waterfoxproj.sf.net)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\WATERFOX\FIREFOX.EXE [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\WATERFOX\FIREFOX.EXE" -PREFERENCES [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\WATERFOX\FIREFOX.EXE" -SAFE-MODE [2011/12/20 10:50:00 | 000,694,272 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/01/08 03:02:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/01/08 03:02:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SEAMONKEY\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/21 08:16:18 | 000,700,312 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -PREFERENCES [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\SEAMONKEY.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\SEAMONKEY\SEAMONKEY.EXE" -SAFE-MODE [2011/11/21 08:16:19 | 000,044,032 | ---- | M] (mozilla.org)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#86
SweetTech

Matt,

Still looks to be infected.

Visit this link here: http://support.microsoft.com/kb/972034 and proceed with the Microsoft FixIt.

Let's see if that's able to reset your host file successfully.

#87
Matt Smith

It appears I cannot run the FixIT.MSI file because it is related to the Windows Installer program, though it doesn't say it specifically.
When I run the program, it says that the file cannot be found. As in the file that I'm opening. The MSI file also doesn't have an icon.

#88
SweetTech

That's right.

Try to launch an elevated command prompt window.

Copy/Paste the following bolded text: net start wuauserv

Then also try the suggestions in this article here: http://support.micro....com/kb/2642495

Let me know how that goes.

#89
Matt Smith

As for running net start wuauserv it says:
The requested service has already been started.

Method 1: Check the status of the Windows Installer Service:
When trying to start the service of Windows Installer it says...
Windows could not start the Windows Installer service on Local Computer.
Error 2: The system cannot find the file specified.

Method 2: Reset the Windows Installer Service Registry settings via Msirepair.reg.
Seems to have no change.

Method 3: Uninstall any previous versions of applications that you may be trying to update
Is not relevant to me.

As it seems, the Windows Installer program has been moved/deleted. Not sure how to re-install.

#90
SweetTech

Okay. I was thinking that it may have gotten removed/deleted.

Let's run a check on your system files to see if it's detected as missing/requiring replacement.


SFC ScanNow

You will need to launch an elevated command prompt window.

Type in: sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File Checker and it will scan for corrupt or missing files.

Please post back when it has finished letting me know what it has reported.
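
Added example (not part of any post in this thread): a read-only PowerShell check for the "Error 2: The system cannot find the file specified" failure reported above when starting the Windows Installer service. It reads the service's registered command line, confirms the binary it points to exists, and lists any files SFC could not repair. The function name Test-MsiServerRegistration is hypothetical; the script assumes an elevated 64-bit PowerShell prompt and the default CBS log location.

```powershell
# Added example: read-only triage of the Windows Installer (msiserver) service.
# Nothing is modified. Run from an elevated 64-bit PowerShell prompt; a 32-bit
# host would see System32 redirected to SysWOW64 and give misleading results.
function Test-MsiServerRegistration {
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\msiserver'
    if (-not (Test-Path $svcKey)) {
        "Service key missing: $svcKey"
        return
    }

    # ImagePath is the command line the Service Control Manager launches.
    $prop = Get-ItemProperty -Path $svcKey -Name ImagePath -ErrorAction SilentlyContinue
    if (-not $prop) {
        "ImagePath value missing under $svcKey"
    } else {
        $cmd = [Environment]::ExpandEnvironmentVariables($prop.ImagePath)
        "Registered ImagePath: $cmd"
        # Strip an optional opening quote and any arguments after the .exe name.
        if ($cmd -match '^\s*"?(.+?\.exe)') {
            $exe = $Matches[1]
            if (Test-Path -LiteralPath $exe) { "Service binary found: $exe" }
            else { "Service binary NOT found (matches Error 2): $exe" }
        } else {
            "ImagePath does not reference an .exe; registration looks altered"
        }
    }

    # Core Windows Installer files on a 64-bit system (native and WOW64 copies).
    foreach ($dir in 'System32', 'SysWOW64') {
        foreach ($name in 'msiexec.exe', 'msi.dll') {
            $f = Join-Path (Join-Path $env:SystemRoot $dir) $name
            if (Test-Path -LiteralPath $f) {
                $i = Get-Item -LiteralPath $f
                '{0}  present  {1} bytes  v{2}' -f $f, $i.Length, $i.VersionInfo.FileVersion
            } else {
                '{0}  MISSING' -f $f
            }
        }
    }

    # After "sfc /scannow", System File Checker entries in CBS.log carry an [SR] tag.
    $cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
    if (Test-Path -LiteralPath $cbs) {
        Select-String -LiteralPath $cbs -SimpleMatch '[SR] Cannot repair' |
            ForEach-Object { $_.Line }
    } else {
        "CBS log not found at $cbs"
    }
}

Test-MsiServerRegistration
```

A missing service binary alongside an intact ImagePath points to deleted files, which SFC can restore; an ImagePath that points somewhere other than System32 means the registration itself was changed.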